Dirk Riehle's Industry and Research Publications

Challenges of tracking and documenting open source dependencies in products [OSS 2020]

Software vendors need to manage the dependencies of the open source components used in their products. Without this management, license compliance would be impossible, export restrictions could not be maintained, and security vulnerabilities would remain unknown to the vendor. The management of these dependencies has grown in an ad-hoc fashion in most companies. As such, vendors find it hard to learn from each other and improve practices. To address this problem, we performed exploratory single-case study research at one large established software vendor. We gathered and analyzed the key challenges of tracking and documenting open source dependencies in products. We wanted to understand whether these ad-hoc solutions could be based on a single unified conceptual model for managing dependencies. Our study suggests that underlying the various point solutions that we found at this vendor lies a conceptual model that we tentatively call the product (architecture) model. In future cross-vendor work, we will investigate whether this conceptual model can be expanded to become a unifying model for all open source dependency management.

Keywords

Open Source Software, FLOSS, FOSS. Open Source Governance

Reference

Bauer, A., Harutyunyan, N., Riehle, D. & Schwarz, G.-D. (2020). Challenges of Tracking and Documenting Open Source Dependencies in Products: A Case Study. In Proceedings of the 16th International Conference on Open Source Software (OSS 2020), pp. 25-35.

Download

The paper is available as a PDF file.

Subscribe!

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Navigation

Share the content

Share on LinkedIn

Share by email

Share on X (Twitter)

Share on WhatsApp

Featured startups

QDAcity makes collaborative qualitative data analysis fun and easy.

Featured projects

Open data, easy and social
Engineering intelligence unleashed
Open source in products, easy and safe