Dirk Riehle's Industry and Research Publications

Understanding industry requirements for FLOSS governance tools

Abstract: Almost all software products today incorporate free/libre and open source software (FLOSS) components. Companies must govern their FLOSS use to avoid potential risks to their intellectual property resulting from the use of FLOSS components. A particular challenge is license compliance. To manage the complexity of license compliance, companies should use tools and well-defined processes to perform these tasks time- and cost-efficiently. This paper investigates and presents common industry requirements for FLOSS governance tools, followed by an evaluation of the suggested requirements by matching them with the features of existing tools. We chose 10 industry-leading companies through polar theoretical sampling and interviewed their FLOSS governance experts to derive a theory of industry needs and requirements for tooling. We then analyzed the features of a sample of governance tools and used this analysis to evaluate two categories of our theory: FLOSS license scanning and FLOSS in product bills of materials. The result is a list of FLOSS governance requirements based on our qualitative study of the industry, evaluated using the existing governance tool features. For higher practical relevance, we cast our theory as a requirements specification for FLOSS governance tools.

Keywords: Open Source Software, FLOSS, FOSS, Open Source Governance, FLOSS governance tools, company requirements for FLOSS tools

Reference: Nikolay Harutyunyan, Andreas Bauer, and Dirk Riehle. 2018. Understanding Industry Requirements for FLOSS Governance Tools. In OSS ’18: 14th International Conference on Open Source Systems, June 8-10, 2018, Athens, Greece. Springer, IFIP Advances in Information and Communication Technology, 12 pages.

A preprint of the paper is available here as a PDF file.

Comments

  1. […] of compliance in the software supply chain. My research group will be represented with a talk on requirements for open source governance and license compliance, based on a paper of the same name presented at OSS 2018. Please […]
