Dirk Riehle's Industry and Research Publications

Category: 2.3 Open Source (Building)

  • Who to blame for the log4j vulnerability?

    So far, nobody. Not the open source developers, who responded fast and professionally, and not the companies who handled the risk within a day or two. Eventually, however, we will have to blame (or complain about) those companies who got cracked because they did not remove the vulnerability in time. Now, why would a company…

  • Upcoming talk on establishing open source license compliance using continuous integration

    Philippe Ombredanne, lead maintainer of ScanCode, will give a talk on open source license compliance, injected into my own lecture series on commercial open source software, both organized by CROSS, the Center for Research on Open Source Software at UC Santa Cruz. Abstract: Open source has changed deeply how projects and products are created; they…

  • Creating and growing healthy community open source projects [PLoP 2020]

    Abstract: This article presents a succinct and minimal handbook of best practices of how to create and grow community open source projects. We start with the assumption that the handbook’s user has a minimal but useful piece of software at hand that they want to open source and build a community around. Keywords: Open source,…

  • Industry best practices for component approval in open source governance [EuroPLoP 2020]

    Abstract: Increasingly companies realize the value of using free/libre and open source software (FLOSS) in their products, but need to manage the associated risks. Leading companies introduce open source governance as a solution. A key aspect of corporate FLOSS governance deals with choosing and evaluating open source components for use in products. Following an industry-based…

  • Getting started with corporate open source governance: A case study evaluation of industry best practices [HICSS 2021]

    Abstract: Open source software usage in companies is on the rise, often resulting in lower development costs, higher quality, and quick availability of code. However, using open source software in products comes with legal, business, and technical risks. Experienced companies prevent and address these risks through corporate open source governance. In our previous work, we…

  • Continuous open source license compliance (Phipps & Zacchiroli, IEEE Computer)

    I’m happy to report that the 12th article in the open source column of IEEE Computer has been published. Title: Continuous Open Source License Compliance. Keywords: Open-source software, licenses, supply chains, standards, computer security. Authors: Simon Phipps; Stefano Zacchiroli. Publication: Computer vol. 53, no. 12 (December 2020), pp. 115-119. Abstract: This article considers the role…