Industry Requirements for FLOSS Governance Tools to Facilitate the Use of Open Source Software in Commercial Products

Abstract: Virtually all software products incorporate free/libre and open source software (FLOSS) components. However, ungoverned use of FLOSS components can result in legal and nancial risks, and risks to a rm’s intellectual property. To avoid these risks, companies must govern their FLOSS use through open source governance processes and by following industry best practices. A particular challenge is license compliance. To manage the complexity of governance and compliance, companies should use tools and well-de ned processes. This paper investigates and presents industry requirements for FLOSS governance tools, followed by an evaluation of the suggested requirements. We chose eleven companies with an advanced understanding of open source governance and interviewed their FLOSS governance experts to derive a theory of industry requirements for tooling. We list tool requirements on tracking and reuse of FLOSS components, license compliance, search and selection of components, and architecture model for software products. For practical relevance, we cast our theory as a requirements speci cation for FLOSS governance tools. We then analyzed the features of leading governance tools and used this analysis to evaluate two categories of our theory: FLOSS license scanning and FLOSS components in product bills of materials.

Keywords: Open Source Software, FLOSS, FOSS, Open Source Governance, FLOSS governance tools, company requirements for FLOSS tools.

Reference: Harutyunyan, N., Bauer, A., & Riehle, D. (2019). Industry Requirements for FLOSS Governance Tools to Facilitate the Use of Open Source Software in Commercial Products. Journal of Systems and Software, to appear.

A preprint of the paper is available as a PDF file. This article is an expanded version, per invitation, of our OSS 2018 paper.

Open Source License Compliance–Why and How? (Hendrik Schoettle, IEEE Computer Column)

I’m happy to report that the third article in the new Open Source Expanded column of IEEE Computer was published.

TitleOpen Source License Compliance–Why and How?
KeywordsOpen Source Software, Licenses, Software Packages
AuthorsHendrik Schoettle, Osborne Clarke, Munich, Germany
PublicationIEEE Computer, August 2019, pp. 63-67, vol. 52

Abstract: Compliance with open source software (OSS) license requirements is necessary but often overlooked. This article explains how OSS license compliance differs from compliance with commercial software licenses, why it is necessary even though OSS is generally free, and what requirements have to be met with OSS.

As always, the article is freely available (local copy).

Open Source License Compliance in Software Supply Chains

Abstract: Almost all software products today include open-source components. However, the obligations that open-source licenses put on their users can be difficult or undesirable to comply with. As a consequence, software vendors and related companies need to govern the process by which open-source components are included in their products. A key process of such open-source governance is license clearance, that is, the process by which a company decides whether a particular component’s license is acceptable for use in its products. In this article, we discuss this process, review the challenges it poses to software vendors, and provide unanswered research questions that result from it.

Keywords: Open source licenses, open source license compliance, software supply chain, product model

Reference: Riehle, D., & Harutyunyan, N. (2019). Open-Source License Compliance in Software Supply Chains. In Fitzgerald B., Mockus A., Zhou M. (eds) Towards Engineering Free/Libre Open Source Software (FLOSS) Ecosystems for Impact and Sustainability. Springer, Singapore, pp. 83-95.

A preprint of the paper is available as a PDF file and as a web page. Alternatively, you can pay Springer for the final version.

Getting Started with FLOSS Governance and Compliance in Companies (OpenSym 2019)

Abstract: Commercial use of open source software is on the rise as more companies realize the benefits of using FLOSS components in their products. At the same time, the ungoverned use of such components can result in legal, financial, intellectual property, and other risks. To mitigate these risks, companies must govern their use of open source through appropriate processes. This paper presents an initial theory of industry best practices on getting started with open source governance and compliance, focusing on private companies. Through a qualitative survey, we conducted and analyzed 15 expert interviews in companies with advanced capabilities in open source governance. We also studied practitioner reports on existing practices for introducing FLOSS governance processes. We cast our resulting initial theory in the actionable format of best practice patterns that, when combined, form a practical handbook of getting started with FLOSS governance in private companies.

Continue reading “Getting Started with FLOSS Governance and Compliance in Companies (OpenSym 2019)”

Free and Open Source Software Licenses Explained (Miriam Ballhausen, IEEE Computer Column)

I’m happy to report that the second article in the new Open Source Expanded column of IEEE Computer was published.

TitleFree and Open Source Software Licenses Explained
KeywordsOpen Source Software, Licenses, Computer Security
AuthorsMiriam Ballhausen, Bird & Bird, LLP, Hamburg, Germany
PublicationIEEE Computer, June 2019, pp. 82-86, vol. 52

Abstract: This installment of Computer’s series exploring free and open source software confronts a pressing issue, free and open source software licenses: what they are, the rights they convey, and the restrictions they impose.

As always, the article is freely available (local copy).

The Innovations of Open Source

Abstract: Open source has given us many innovations. This article provides an overview of the most important innovations and illustrates the impact that open source is having on the software industry and beyond. The main innovations of open source can be grouped into four categories: Legal innovation, process innovation, tool innovation, and business model innovation. Probably the best known innovations are open source licenses, which also define the concept.

Keywords: Open source, open collaboration, open innovation, software industry, business models

Reference: Riehle, D. (2019, April). The Innovations of Open Source. IEEE Computer vol. 52, no. 4, pp. 59-63.

The article is available in the IEEE library or as a web page.

Uncovering the Periphery: A Qualitative Survey of Episodic Volunteering in Free/Libre and Open Source Software Communities

Abstract: Free/Libre and Open Source Software (FLOSS) communities are composed, in part, of volunteers, many of whom contribute infrequently. However, these infrequent volunteers contribute to the sustainability of FLOSS projects, and should ideally be encouraged to continue participating, even if they cannot be persuaded to contribute regularly. Infrequent contributions are part of a trend which has been widely observed in other sectors of volunteering, where it has been termed “episodic volunteering” (EV). Previous FLOSS research has focused on the Onion model, differentiating core and peripheral developers, with the latter considered as a homogeneous group. We argue this is too simplistic, given the size of the periphery group and the myriad of valuable activities they perform beyond coding. Our exploratory qualitative survey of 13 FLOSS communities investigated what episodic volunteering looks like in a FLOSS context. EV is widespread in FLOSS communities, although not specifically managed. We suggest several recommendations for managing EV based on a framework drawn from the volunteering literature. Also, episodic volunteers make a wide range of value-added contributions other than code, and they should neither be expected nor coerced into becoming habitual volunteers.

Keywords: Community management, episodic volunteering, free software, open source software, peripheral developer, volunteer management

Reference: Ann Barcomb, Andreas Kaufmann, Dirk Riehle, Klaas-Jan Stol, and Brian Fitzgerald. “Uncovering the Periphery: A Qualitative Survey of Episodic Volunteering in Free/Libre and Open Source Software Communities.” Transactions on Software Engineering. To appear.

The paper can be downloaded as a PDF file.

User Experience Design in Software Product Lines

Abstract: User experience design is an important part of software product development, and yet software product line engineering has largely ignored this topic. This paper presents a set of industry best practices for user experience design in software product lines. We conducted multiple-case case study research using two different product lines within the multinational company Siemens AG: in a healthcare software division and in an industrial automation software division. We performed a preliminary exploratory study that will serve as a baseline for future research in the design, implementation, and management of user experience design in the context of software product lines. Practitioners can use our findings and the resulting best practices to improve their user experience design, particularly within
healthcare and industrial automation software product lines.

Keywords: User experience design, UXD, user interface design, software product lines, SPL, engineering best practices, case study research, handbook method

Reference: Harutyunyan, N., & Riehle, D. (2019). User Experience Design in Software Product Lines. In Proceedings of the 52nd Hawaii International Conference on System Sciences (HICSS 2019), pp. 7503-7512.

The paper is available as a PDF file.

The QDAcity-RE Method for Structural Domain Modeling Using Qualitative Data Analysis

Abstract: The creation of domain models from qualitative input relies heavily on experience. An uncodified ad-hoc modeling process is still common and leads to poor documentation of the analysis. In this article we present a new method for domain analysis based on qualitative data analysis. The method helps identify inconsistencies, ensures a high degree of completeness, and inherently provides traceability from analysis results back to stakeholder input. These traces do not have to be documented after the fact, but rather emerge naturally as part of the analysis process. We evaluate our approach using four exploratory studies.

Keywords: Domain modeling, Domain model, Requirements engineering, Requirements elicitation, Qualitative data analysis

Reference: Kaufmann, A., & Riehle, D. (2019). The QDAcity-RE method for structural domain modeling using qualitative data analysis. Requirements Engineering, vol. 24, no. 1 (March 2019), pp. 85-102.

The paper is available as a PDF file.

Understanding Industry Requirements for FLOSS Governance Tools

Abstract: Almost all software products today incorporate free/libre, and open source software (FLOSS) components. Companies must govern their FLOSS use to avoid potential risks to their intellectual property resulting from the use of FLOSS components. A particular challenge is license compliance. To manage the complexity of license compliance, companies should use tools and well-defined processes to perform these tasks time and cost efficiently. This paper investigates and presents common industry requirements for FLOSS governance tools, followed by an evaluation of the suggested requirements by matching them with the features of existing tools. We chose 10 industry-leading companies through polar theoretical sampling and interviewed their FLOSS governance experts to derive a theory of industry needs and requirements for tooling. We then analyzed the features of a governance tools sample and used this analysis to evaluate two categories of our theory: FLOSS license scanning and FLOSS in product bills of materials. The result is a list of FLOSS governance requirements based on our qualitative study of the industry, evaluated using the existing governance tool features. For higher practical relevance, we cast our theory as a requirements specification for FLOSS governance tools.

Keywords: Open Source Software, FLOSS, FOSS, Open Source Governance, FLOSS governance tools, company requirements for FLOSS tools

Reference: Nikolay Harutyunyan, Andreas Bauer, and Dirk Riehle. 2018. Understanding Industry Requirements for FLOSS Governance Tools. In OSS ’18: 14th International Conference on Open Source Systems, June 8-10, 2018, Athens, Greece. Springer, IFIP Advances in Information and Communication Technology, 12 pages.

A preprint of the paper is available here as a PDF file.