Dirk Riehle's Industry and Research Publications

Category: 2.3 Open Source (Building)

  • Open source dependencies are investments

    The Linux Foundation’s research arm just published a report about interviews with 32 maintainers of critical open source projects (local copy). Only 62% of these maintainers, i.e. 20 people, were employed by their organizations to work on these open source components. I consider this low and would have expected a higher number. What’s worse, only…

  • Open source license inconsistencies on GitHub [TOSEM Journal]

    Abstract: Almost all software, open or closed, builds on open source software and therefore needs to comply with the license obligations of the open source code. Not knowing which licenses to comply with poses a legal danger to anyone using open source software. This article investigates the extent of inconsistencies between licenses declared by an…

  • Open-source software governance: A case study evaluation of supply-chain management best practices [HICSS 2023]

    Abstract: Corporate open source governance aims to manage the increasing use of free/libre and open source software (FLOSS) in companies. To avoid the risks of the ungoverned use, companies need to establish processes addressing license compliance, component approval, and supply chain management (SCM). We proposed a set of industry-inspired best practices for supply chain management…

  • Challenges to open collaborative data engineering [HICSS 2023]

    Abstract: Open data is data that can be used, modified, and passed on, for free, similar to open-source software. Unlike open-source, however, there is little collaboration in open data engineering. We perform a systematic literature review of collaboration systems in open data, specifically for data engineering by users, taking place after data has been made…

  • Who to blame for the log4j vulnerability?

    So far, nobody. Not the open source developers, who responded fast and professionally, and not the companies who handled the risk within a day or two. Eventually, however, we will have to blame (or complain about) those companies who got cracked because they did not remove the vulnerability in time. Now, why would a company…

  • Upcoming talk on establishing open source license compliance using continuous integration

    Philippe Ombredanne, lead maintainer of ScanCode, will give a talk on open source license compliance, injected into my own lecture series on commercial open source software, both organized by CROSS, the Center for Research on Open Source Software at UC Santa Cruz. Abstract: Open source has changed deeply how projects and products are created; they…