Creating and Growing Healthy Community Open Source Projects (PLoP ’20)

Abstract: This article presents a succinct and minimal handbook of best practices of how to create and grow community open source projects. We start with the assumption that the handbook’s user has a minimal but useful piece of software at hand that they want to open source and build a community around.

Keywords: Open source, open source projects, open source communities, creating open source projects, growing open source projects

Reference:  Riehle, D. (2020). Creating and Growing Community Open Source Projects. In Proceedings of the 27th Conference on Pattern Languages of Programs (PLoP 2020). ACM, 14 pages.

The paper can be downloaded as a PDF file.

Inner Source and Financial Compliance

Inner source is the use of open source practices within companies. Engineers generally love it, but any open-source-style collaboration across business unit boundaries will usually get stopped dead in its tracks by the financial compliance department. That’s because financial compliance is likely to worry that to the tax authorities such inner source collaboration will look like attempts at profit shifting.

Below, please find a 20min. presentation on inner source and transfer pricing that I prepared for a workshop at the German Ministry of Finance. It is aimed at non-technical people.

You can also skim the slides, though the video offers significantly more information. Feel free to shoot any questions you might have my way.

How to Make Finding Inner Source Projects Easy

In 2006, we set-up SAP forge to make finding and collaborating on inner source projects easy. The advice of how to design a forge or portal for this purpose hasn’t really changed over the years. The most important advice is:

Make the forge available at one place (and one place only) with a memorable URL like forge.acme.corp

The second most important advice is on the design of the home page of the forge. There are a couple of independent mechanisms that should be present. In order of descending importance (read: prominence of screen real estate given):

Continue reading “How to Make Finding Inner Source Projects Easy”

Industry Best Practices for Component Approval in Open Source Governance (EuroPLoP ’20)

Abstract: Increasingly companies realize the value of using free/libre and open source software (FLOSS) in their products, but need to manage the associated risks. Leading companies introduce open source governance as a solution. A key aspect of corporate FLOSS governance deals with choosing and evaluating open source components for use in products. Following an industry-based research approach, we present 13 best practices in the pattern format of context-problem-solutions paired with consequences. In this paper, we cover an excerpt of the Component Approval section of our FLOSS governance handbook. This article builds upon our previous EuroPLoP publication covering Component Reuse in FLOSS governance processes, as well as other publications on the topic. Analyzing qualitative data gathered from 15 expert interviews, we derive and interconnect the common industry recommendations for reviewing, tracking, and approving open source components in a company environment. We conclude by presenting workflow templates that put various best practices in relation to each other.

Keywords: Commercial use of open source, component approval, FLOSS, FOSS, industry best practice, open source software, open source governance, pattern language

Reference: Harutyunyan, N. & Riehle, D. (2020). Industry Best Practices for Component Approval in FLOSS Governance. In Proceedings of the 25th European Conference on Pattern Languages of Programs (EuroPLoP ’20). ACM, article 33.

The paper can be downloaded as a PDF file.

Getting Started with Corporate Open Source Governance: A Case Study Evaluation of Industry Best Practices (HICSS 54)

Abstract: Ope​n source software usage in companies is on the rise, often resulting in lower development costs, higher quality, and quick availability of code. However, using open source software in products comes with legal, business, and technical risks. Experienced companies prevent and address these risks through corporate open source governance. In our previous work, we studied how top-tier companies got started with corporate open source governance. We proposed a set of industry best practices on the topic, using the practical format of interconnected context-problem-solution patterns. In this study, we put the proposed state-of-the-art practices to the test by evaluating their real-life application in a case study at a Germany-based multi-billion-dollar corporation with products in four distinct industries and more than 17000 employees worldwide. In the course of two and a half years, we conducted 35 semi-structured employee interviews and workshops in five divisions of the company to assess the initial situation of open source governance, the process of getting started with governance following our recommendations, and the outcomes. In this paper, we report the results of this longitudinal case study by presenting the artifacts created while getting started with open source governance, as well as the transferability evaluation of the proposed best practices, both individually and collectively.

Keywords: Practice-based information system research, best practices, longitudinal case study, corporate open source governance, open source software, OSS, FLOSS.

Reference:  Harutyunyan, N. & Riehle, D. (2021). Getting Started with Corporate Open Source Governance: A Case Study Evaluation of Industry Best Practices. In Proceedings of the 54th Hawaii International Conference on System Sciences (HICSS 2021), pp. 6263-6274.

The paper can be downloaded as a PDF file.

Video for Breaking Down Organizational Silos with Inner Source (in German)

Eberhard Wolff just published the recording of my lunch chat on Software Architektur TV with him. Our topic was inner source and how to tear down firm-internal silos for better code reuse, more knowledge sharing, and generally more satisfied employees. Check it out below (local copy) or visit Eberhard’s site for it!

Or, just take a look at @teapot4181‘s fabulous visual summary.

Continue reading “Video for Breaking Down Organizational Silos with Inner Source (in German)”

Continuous Open Source License Compliance (Phipps & Zacchiroli, IEEE Computer Column)

I’m happy to report that the 12th article in the Open Source Expanded column of IEEE Computer has been published.

TitleContinuous Open Source License Compliance
KeywordsOpen Source Software, Licenses, Supply Chains, Standards, Computer Security
AuthorsSimon Phipps, Meshed Insights Ltd.  
Stefano Zacchiroli, Universite de Paris, France
PublicationComputer vol. 53, no. 12 (December 2020), pp. 115-119
Continue reading “Continuous Open Source License Compliance (Phipps & Zacchiroli, IEEE Computer Column)”

Standardizing Open Source License Compliance With OpenChain (Shane Coughlan, IEEE Computer Column)

I’m happy to report that the 11th article in the Open Source Expanded column of IEEE Computer has been published.

TitleStandardizing Open Source License Compliance With OpenChain
KeywordsCryptography, Distributed Databases, IEC Standards, ISO Standards, Legislation, Project Management, Public Domain Software, Software Development Management, Software Standards, Blockchain, Open Chain Project, ISO IEC JTC 1 PAS Transposition Process, Open Source License Compliance Standardization, Open Source Software, Standards, Licenses
AuthorsShane Coughlan, Linux Foundation
PublicationComputer vol. 53, no. 11 (November 2020), pp. 70-74
Continue reading “Standardizing Open Source License Compliance With OpenChain (Shane Coughlan, IEEE Computer Column)”