Category: 2.3 Open Source (Building)
-
You just don’t understand (open source edition)
Listening to open source developers complaining about companies not donating money and then getting ignored by said companies reminds me of a quarreling couple, where one side has a lot to say and the other side is just silent. Let me turn this silence into statements a company would make. Let’s go! Open source developer:…
-
Open source dependencies are investments
The Linux Foundation’s research arm just published a report about interviews with 32 maintainers of critical open source projects (local copy). Only 62% of these maintainers, i.e. 20 people, were employed by their organizations to work on these open source components. I consider this low and would have expected a higher number. What’s worse, only…
-
Open source license inconsistencies on GitHub [TOSEM Journal]
Abstract: Almost all software, open or closed, builds on open source software and therefore needs to comply with the license obligations of the open source code. Not knowing which licenses to comply with poses a legal danger to anyone using open source software. This article investigates the extent of inconsistencies between licenses declared by an…
-
Open-source software governance: A case study evaluation of supply-chain management best practices [HICSS 2023]
Abstract: Corporate open source governance aims to manage the increasing use of free/libre and open source software (FLOSS) in companies. To avoid the risks of the ungoverned use, companies need to establish processes addressing license compliance, component approval, and supply chain management (SCM). We proposed a set of industry-inspired best practices for supply chain management…
-
Challenges to open collaborative data engineering [HICSS 2023]
Abstract: Open data is data that can be used, modified, and passed on, for free, similar to open-source software. Unlike open-source, however, there is little collaboration in open data engineering. We perform a systematic literature review of collaboration systems in open data, specifically for data engineering by users, taking place after data has been made…
-
Who to blame for the log4j vulnerability?
So far, nobody. Not the open source developers, who responded fast and professionally, and not the companies who handled the risk within a day or two. Eventually, however, we will have to blame (or complain) about those companies who got cracked because they did not remove the vulnerability in time. Now, why would a company…