Open Source License Inconsistencies on GitHub [TOSEM Journal]

Abstract: Almost all software, open or closed, builds on open source software and therefore needs to comply with the license obligations of the open source code. Not knowing which licenses to comply with poses a legal danger to anyone using open source software. This article investigates the extent of inconsistencies between licenses declared by an open source project at the top level of the repository, and the licenses found in the code. We analysed a sample of 1,000 open source GitHub repositories. We find that about half of the repositories did not fully declare all licenses found in the code. Of these, approximately ten percent represented a permissive vs. copyleft license mismatch. Furthermore, existing tools cannot fully identify licences. We conclude that users of open source code should not only look at the declared licenses of the open source code they intend to use, but rather examine the software to understand its actual licenses.

Continue reading “Open Source License Inconsistencies on GitHub [TOSEM Journal]”

Challenges of Working From Home in Software Development During COVID-19 Lockdowns [TOSEM Journal]

Abstract: The COVID-19 pandemic of 2020-2022 and the resulting lockdowns forced many companies to switch to working from home, swiftly, on a large scale, and without preparation. This situation created unique challenges for software development, where individual software professionals had to shift instantly from working together at a physical venue to working remotely from home. Our research questions focus on the challenges of software professionals who work from home due to the COVID-19 pandemic, which we studied empirically at a German bank. We conducted a case study employing a mixed methods approach. We aimed to cover both the breadth of challenges via a quantitative survey, as well as a deeper understanding of these challenges via the follow-up qualitative analysis of fifteen semi-structured interviews. In this paper, we present the key impediments employees faced during the crisis, as well as their similarities and differences to the known challenges in distributed software development (DSD). We also analyze the employees’ job satisfaction and how the identified challenges impact the job satisfaction. In our study, we focus on challenges in collaboration, communication, management, and tooling. The findings of the study provide insights into this emerging topic of high industry relevance. At the same time, the study contributes to the existing academic research on work from home and on the COVID-19 pandemic aftermath.

Continue reading “Challenges of Working From Home in Software Development During COVID-19 Lockdowns [TOSEM Journal]”

Management Accounting Concepts for Inner Source Software Engineering [ICSOB 2022]

Abstract: Inner source software development is the use of open source development’s best practices inside a company. In inner source, developers collaborate on reusable software components across company-internal organizational silo boundaries for mutual benefit. As such, inner source goes against the grain of traditional management techniques. In this article, we present two conceptual models of management accounting for inner source. We derived these prototypes by performing a literature review and triangulating the results with interviews of industry practitioners. We demonstrate how the conceptual models can be used for monitoring and controlling inner source projects and to determine their future viability.

Continue reading “Management Accounting Concepts for Inner Source Software Engineering [ICSOB 2022]”

A Research Model for the Economic Assessment of Inner Source Software Development [HICSS 2023]

Abstract: Inner source is the use of open-source practices within companies. It enables more efficient software development, shortens time-to-market, and lowers costs through increased company-internal collaboration. While existing studies examine social and organizational impact factors on inner source adoption, only a few have looked at measuring and economically assessing inner source. This article presents an overview of current research regarding inner source, its measurement, economic assessment, and impact on businesses and their processes. Based on a systematic literature review we build a research model for economic inner source assessment. This research model shows thematic dependencies between the economic impact of inner source and its measurement. Additionally, it proposes research questions and hypotheses on measuring, economically assessing, and subsequently adopting inner source.

Continue reading “A Research Model for the Economic Assessment of Inner Source Software Development [HICSS 2023]”

Open Source Software Governance: A Case Study Evaluation of Supply Chain Management Best Practices [HICSS 2023]

Abstract: Corporate open source governance aims to manage the increasing use of free/libre and open source software (FLOSS) in companies. To avoid the risks of the ungoverned use, companies need to establish processes addressing license compliance, component approval, and supply chain management (SCM). We proposed a set of industry-inspired best practices for supply chain management organized into a handbook. To evaluate the handbook, we ran a one-year case study at a large enterprise software company, where we performed semi-structured interviews, workshops, and direct observations. We assessed the initial situation of open source governance, the implementation of the proposed SCM best practices, and the resulting impact. We report the results of this study by demonstrating and discussing the artifacts created while the case study company implemented the SCM-focused governance process. The evaluation case study enabled the real-life application and the improvement of the proposed best practices.

Continue reading “Open Source Software Governance: A Case Study Evaluation of Supply Chain Management Best Practices [HICSS 2023]”

Challenges to Open Collaborative Data Engineering [HICSS 2023]

Abstract: Open data is data that can be used, modified, and passed on, for free, similar to open-source software. Unlike open-source, however, there is little collaboration in open data engineering. We perform a systematic literature review of collaboration systems in open data, specifically for data engineering by users, taking place after data has been made available as open data. The results show that open data users perform a wide range of activities to acquire, understand, process and maintain data for their projects without established best practices or standardized tools for open collaboration. We identify and discuss technical, community, and process challenges to collaboration in data engineering for open data.

Continue reading “Challenges to Open Collaborative Data Engineering [HICSS 2023]”

The Benefits of Pre-Requirements Specification Traceability [RE 2022]

Abstract: Requirements traceability is the ability to trace requirements to other software engineering artifacts. Traceability can be classified as either pre- or post-requirements specifications (RS) traceability. Pre-RS traceability is the ability to trace between requirements and their origin. However, the benefits of pre-RS traceability are often not clear. In this article, we systematically lay out the benefits of pre-RS traceability. We present results from both a literature review and a qualitative survey of practitioners involved with documenting and utilizing such trace links. We find that the benefits strongly depend on the practitioners, their tasks, and the project environment. Awareness of these relationships supports a clearer understanding of the benefits of pre-RS traceability and thus motivates successful implementation of the required practices. The results of our research motivates the adoption of pre-RS traceability and present problem areas for future research.

Continue reading “The Benefits of Pre-Requirements Specification Traceability [RE 2022]”

Calculating the Costs of Inner Source Collaboration by Computing the Time Worked [HICSS 2022]

Abstract: A key part of taxation, controlling, and management of international collaborative programming workflows is determining the costs of a supplied software artifact. The OECD suggests the use of the Cost Plus method for calculating these costs. However, in the past, this method has been implemented using only coarse-grain data from the costs of whole organizational units. Due to the move to inner source software development, we need a much more fine-grain solution for computing the detailed time spent on programming specific components. This is necessary, because a more accurate work time distribution is required to fulfill the fiscal and administrative challenges posed by collaborating across organizational boundaries. In this article, we present a novel method to determine the time spent on an individual code contribution (commit) to a software component for use within cost calculation, especially for taxation purposes. We demonstrate the usefulness of our approach by application to a real-world data set gathered at a large multi-national corporation. We evaluate our work through feedback received from this corporation and from the German Ministry of Finance.

Continue reading “Calculating the Costs of Inner Source Collaboration by Computing the Time Worked [HICSS 2022]”

A Validation of QDAcity‑RE for Domain Modeling Using Qualitative Data Analysis [RE Journal]

Abstract: Using qualitative data analysis (QDA) to perform domain analysis and modeling has shown great promise. Yet, the evaluation of such approaches has been limited to single-case case studies. While these exploratory cases are valuable for an initial assessment, the evaluation of the efficacy of QDA to solve the suggested problems is restricted by the common single-case case study research design. Using our own method, called QDAcity-RE, as the example, we present an in-depth empirical evaluation of employing qualitative data analysis for domain modeling using a controlled experiment design. Our controlled experiment shows that the QDA-based method leads to a deeper and richer set of domain concepts discovered from the data, while also being more time efficient than the control group using a comparable non-QDA-based method with the same level of traceability.

Continue reading “A Validation of QDAcity‑RE for Domain Modeling Using Qualitative Data Analysis [RE Journal]”