Abstract: Corporate use of open source in software products is on the rise. While this brings a number of technological and business benefits to companies, it also comes with potential legal and financial risks caused by license non-compliance and ungoverned use of open source components. Companies address these threats with free/libre and open source software (FLOSS) governance – internal guidelines and processes for using open source components in products. An essential aspect of FLOSS governance is component reuse and component repository, which enable efficient governance for the previously used components by the company’s developers. In our study, we aimed to identify the current industry best practices for FLOSS governance and component reuse. We conducted 15 expert interviews in companies with high governance maturity, analyzed these interviews and derived 19 best practices cast in the pattern format of context-problem-solution. The format was inspired by design patterns and enables higher applicability of our research results by practitioners. The 19 best practices form a handbook on FLOSS governance and component reuse that also includes workflows connecting the individual practices into process templates.
Keywords: Open Source Software, FLOSS, FOSS, Open Source Governance, Best Practice, Commercial Use of Open Source, Component Repository, Component Reuse, Industry Best Practice, Introduction of FLOSS in Companies, Pattern, Pattern Language
Reference: Harutyunyan, N., & Riehle, D. (2019). Industry Best Practices for FLOSS Governance and Component Reuse. In Proceedings of the 24th European Conference on Pattern Languages of Programs (EuroPLoP 2019). ACM, article no. 21.
I’m happy to report that the fifth article in the new Open Source Expanded column of IEEE Computer has been published.
How to select open source components
Open Source Software, Licenses, Documentation, Computer Bugs, Software Project Management
Diomidis Spinellis, Athens University of Economy and Business
Computer vol. 52, no. 12 (December 2019), pp. 103-106
Abstract: With millions of open source projects available on forges such as GitHub, it may be difficult to select those that best match your requirements. Examining each project’s product and development process can help you confidently select the open source projects required for your work.
I’m happy to report that the fourth article in the new Open Source Expanded column of IEEE Computer has been published.
Getting Started With Open Source Governance
Companies, Licenses, Security, Software, Law
Jeff McAffer, GitHub
Computer vol. 52, no. 10 (October 2019), pp. 92-96
Abstract: Using and managing open source is essential in modern software development. Here we lay out a framework for thinking about open source engagement and highlight the key steps in getting started.
Abstract: Companies usually don’t share the source code for the software they develop. While this approach is justified in software that constitutes differentiating intellectual property, proprietary development can lead to redundant development and other opportunity costs. In response, companies are increasingly open sourcing some if not all of their non-differentiating software. Given the limited academic research on this emerging topic, we bridge the gap between industry and academia by taking a practice-based approach. We investigate why and how companies engage in corporate open sourcing. We take an exploratory case study approach. Our cases are four companies with multi-billion-dollar revenues each: A major e-commerce company based in Germany; a leading social networking service company based in the USA; a cloud computing software company based in the USA; and a manufacturing and media software company based in the USA. We present the resulting theory in an actionable format of state-of-the-art best practice patterns.
Reference: Harutyunyan, N., Riehle, D., & Sathya, G. (2020). Industry Best Practices for Corporate Open Sourcing. In Proceedings of the 53rd Hawaii International Conference on System Sciences (HICSS 2020), to appear.
Abstract: Continuous deployment can reduce the time from a source code change to a newly deployed application significantly. Increased innovation speed can make all the difference in a competitive market situation. However, deploying at high frequency requires high speeds of discovering bugs in the deployed software. Using the JDownloader file download manager as our example, we present a fitness model to evaluate a continuously deployed software during operation for expected behavior, present the design and implementation of a monitoring component, and evaluate the model and its implementation using data from JDownloader’s multi-million member strong user base. Our evaluation finds that there had been thousands of undetected bugs, and that newly created bugs can be detected and reported 16 times faster than before.
Keywords: Continuous deployment, continuous delivery, immune system
Reference: Rechenmacher, T., Riehle, D., & Weber, M. (2020). The JDownloader Immune System for Continuous Deployment. In Proceedings of the 53rd Hawaii International Conference on System Sciences (HICSS 2020), to appear.
Abstract: Microservices are an architectural style in which each service typically provides the complete stack of functions from a user or application programming interface through a domain model all the way to storage for that model. As a consequence, querying conjunct data from different microservices becomes a non-trivial engineering task. In this article, we review older and established general data integration theory in the enterprise context and then compare current microservice practice with enterprise information integration (EII) theory as an established approach to data integration. We find that microservices do not utilize all possible approaches for data integration that are common in enterprises. Specifically, microservices use middleware only partially and databases are not used at all to integrate data. Therefore, we further investigate whether, when, and how these two approaches can be used in a microservices context and present our findings. With our findings, we (i) clear the way for fellow researchers to investigate and improve unused integration strategies with microservices and (ii) raise the awareness of practitioners that some integration strategies may not work out of the box with microservices as they do in EII.
Keywords: Microservices, data integration, enterprise Information integration, EII
Reference: Schwarz, G. & Riehle, D. (2020). What Microservices Can Learn From Enterprise Information Integration. In Proceedings of the 53rd Hawaii International Conference on System Sciences (HICSS 2020), to appear.
Abstract: Interview analysis is a technique employed in qualitative research. Researchers annotate (code) interview transcriptions, often with the help of Computer-Assisted Qualitative Data Analysis Software (CAQDAS). The tools available today largely replicate the manual process of annotation. In this article, we demonstrate how to use natural language processing (NLP) to increase the reproducibility and traceability of the process of applying codes to text data. We integrated an existing commercial machine-learning (ML) based concept extraction service into an NLP pipeline independent of domain specific rules. We applied our prototype in three qualitative studies to evaluate its capabilities of supporting researchers by providing recommendations consistent with their initial work. Unlike rule based approaches, our process can be applied to interviews from any domain, without additional burden to the researcher for creating a new ruleset. Our work using three example data sets shows that this approach shows promise for a real-life application, but further research is needed.
Reference: Kaufmann, A., Barcomb, A., & Riehle, D. (2020). Supporting Interview Analysis with Autocoding. In Proceedings of the 53rd Hawaii International Conference on System Sciences (HICSS 2020), to appear.
Abstract: When companies opt to open source their software, they may choose to offer the project to an open source foundation. Donating the software to an open source foundation offers a number of advantages, such as access to the foundation’s existing tools and project management. However, in donating the software, the company relinquishes control of the software and grants other foundation members—including competitors—the same rights to the software. Using a multiple-case study research approach, this paper examines how foundations manage conflicts of interest in the open sourcing donation scenario. We find that foundations primarily use a set of well-defined mechanisms to prevent such conflicts from arising, and that the use of these mechanisms can depend on the foundation type.
Keywords: Open source foundations, sponsored open source, commercial open source, open source software, conflicts of interest
Reference: Weikert, F., Riehle, D., & Barcomb, A. (2019). Managing Commercial Conflicts of Interest in Open Source Foundations. In Proceedings of the 10th International Conference on Software Business (ICSOB 2019). Springer Verlag, pp. 130-144.
Abstract: Virtually all software products incorporate free/libre and open source software (FLOSS) components. However, ungoverned use of FLOSS components can result in legal and financial risks, and risks to a firm’s intellectual property. To avoid these risks, companies must govern their FLOSS use through open source governance processes and by following industry best practices. A particular challenge is license compliance. To manage the complexity of governance and compliance, companies should use tools and well-defined processes. This paper investigates and presents industry requirements for FLOSS governance tools, followed by an evaluation of the suggested requirements. We chose eleven companies with an advanced understanding of open source governance and interviewed their FLOSS governance experts to derive a theory of industry requirements for tooling. We list tool requirements on tracking and reuse of FLOSS components, license compliance, search and selection of components, and architecture model for software products. For practical relevance, we cast our theory as a requirements specification for FLOSS governance tools. We then analyzed the features of leading governance tools and used this analysis to evaluate two categories of our theory: FLOSS license scanning and FLOSS components in product bills of materials.
Keywords: Open Source Software, FLOSS, FOSS, Open Source Governance, FLOSS governance tools, company requirements for FLOSS tools.
Reference: Harutyunyan, N., Bauer, A., & Riehle, D. (2019). Industry Requirements for FLOSS Governance Tools to Facilitate the Use of Open Source Software in Commercial Products. Journal of Systems and Software vol. 158 (2019), 110390.
I’m happy to report that the third article in the new Open Source Expanded column of IEEE Computer has been published.
Open Source License Compliance–Why and How?
Open Source Software, Licenses, Software Packages
Hendrik Schoettle, Osborne Clarke, Munich, Germany
Computer vol. 52, no. 8 (August 2019), pp. 63-67
Abstract: Compliance with open source software (OSS) license requirements is necessary but often overlooked. This article explains how OSS license compliance differs from compliance with commercial software licenses, why it is necessary even though OSS is generally free, and what requirements have to be met with OSS.