Dirk Riehle's Industry and Research Publications

Category: 2.3 Open Source (Building)

  • Open source license compliance and work-for-hire

    Open source license compliance and work-for-hire

    A common question that I am asked in my seminar on license-compliant delivery of products that contain open source software is: But what about a work-for-hire? We are a consulting company: As we work for our clients, and use open source software, do we have to create all those legal notices? The answer, as so…

  • Managing your open source supply chain—Why and how? (Nikolay Harutyunyan, IEEE Computer)

    Managing your open source supply chain—Why and how? (Nikolay Harutyunyan, IEEE Computer)

    I’m happy to report that the eigth article in the open source column of IEEE Computer has been published. Title Managing Your Open Source Supply Chain—Why and How? Keywords Open Source, Software Supply Chain Authors Nikolay Harutyunyan, Friedrich-Alexander-University Erlangen-Nürnberg Publication Computer vol. 53, no. 6 (June 2020), pp 77-81 Abstract: More than 90% of software…

  • Challenges of tracking and documenting open source dependencies in products: A case study (video)

    Challenges of tracking and documenting open source dependencies in products: A case study (video)

    Today, Andreas (Andi) Bauer presented some of our work on managing open source dependencies in software products. Please watch the talk below (local copy). The presentation is based on the same-name research paper.

  • Why I gray-listed GitHub for open source

    Why I gray-listed GitHub for open source

    Most of my software development is through my professorship, where I guide my student teams in developing (mostly) open source software. We have clear rules in place for how and which open source can be used in our projects and which can’t, like any competent organization. Mostly, it is about license compliance. We owe this…

  • Challenges of tracking and documenting open source dependencies in products [OSS 2020]

    Challenges of tracking and documenting open source dependencies in products [OSS 2020]

    Software vendors need to manage the dependencies of the open source components used in their products. Without this management, license compliance would be impossible, export restrictions could not be maintained, and security vulnerabilities would remain unknown to the vendor. The management of these dependencies has grown in an ad-hoc fashion in most companies. As such,…

  • Managing the open source dependency (Tomas Gustavsson, IEEE Computer)

    Managing the open source dependency (Tomas Gustavsson, IEEE Computer)

    I’m happy to report that the sixth article in the open source column of IEEE Computer has been published. Title Managing the Open Source Dependency Keywords Computer Applications, Open Source Software Authors Tomas Gustavsson, PrimeKey Publication Computer vol. 53, no. 2 (February 2020), pp 83-87 Abstract: Organizations use open source software in a majority of…