The Missed Opportunity in Defining Open Source #OpenCoreSummit

I’m at my Ph.D. student retreat, following the Open Core Summit, a commercial conference on the use of open source strategies by product vendors, on Twitter. From afar, it appears that the attack on the definition of open source has made it to the conference. This is regrettable, but possible because of a root problem with the open source definition as defined by the Open Source Initiative (OSI): It is about the licenses only. Only on the side, in the Open Source Initiative’s mission statement, does it say something about process:


Industry Best Practices for Corporate Open Sourcing (HICSS 53)

Abstract: Companies usually don’t share the source code for the software they develop. While this approach is justified in software that constitutes differentiating intellectual property, proprietary development can lead to redundant development and other opportunity costs. In response, companies are increasingly open sourcing some if not all of their non-differentiating software. Given the limited academic research on this emerging topic, we bridge the gap between industry and academia by taking a practice-based approach. We investigate why and how companies engage in corporate open sourcing. We take an exploratory case study approach. Our cases are four companies with multi-billion-dollar revenues each: A major e-commerce company based in Germany; a leading social networking service company based in the USA; a cloud computing software company based in the USA; and a manufacturing and media software company based in the USA. We present the resulting theory in an actionable format of state-of-the-art best practice patterns.

Reference: Harutyunyan, N., Riehle, D., & Sathya, G. (2020). Industry Best Practices for Corporate Open Sourcing. In Proceedings of the 53rd Hawaii International Conference on System Sciences (HICSS 2020), to appear.

Download: The paper is available as a PDF file.

Managing Commercial Conflicts of Interest in Open Source Foundations (ICSOB 2019)

Abstract: When companies opt to open source their software, they may choose to offer the project to an open source foundation. Donating the software to an open source foundation offers a number of advantages, such as access to the foundation’s existing tools and project management. However, in donating the software, the company relinquishes control of the software and grants other foundation members—including competitors—the same rights to the software. Using a multiple-case study research approach, this paper examines how foundations manage conflicts of interest in the open sourcing donation scenario. We find that foundations primarily use a set of well-defined mechanisms to prevent such conflicts from arising, and that the use of these mechanisms can depend on the foundation type.

Keywords: Open source foundations, sponsored open source, commercial open source, open source software, conflicts of interest

Reference: Weikert, F., Riehle, D., & Barcomb, A. (2019). Managing Commercial Conflicts of Interest in Open Source Foundations. In Proceedings of the 10th International Conference on Software Business (ICSOB 2019). Springer Verlag.

The paper is available as a PDF file.

Industry Requirements for FLOSS Governance Tools to Facilitate the Use of Open Source Software in Commercial Products

Abstract: Virtually all software products incorporate free/libre and open source software (FLOSS) components. However, ungoverned use of FLOSS components can result in legal and financial risks, and risks to a firm’s intellectual property. To avoid these risks, companies must govern their FLOSS use through open source governance processes and by following industry best practices. A particular challenge is license compliance. To manage the complexity of governance and compliance, companies should use tools and well-defined processes. This paper investigates and presents industry requirements for FLOSS governance tools, followed by an evaluation of the suggested requirements. We chose eleven companies with an advanced understanding of open source governance and interviewed their FLOSS governance experts to derive a theory of industry requirements for tooling. We list tool requirements on tracking and reuse of FLOSS components, license compliance, search and selection of components, and architecture model for software products. For practical relevance, we cast our theory as a requirements specification for FLOSS governance tools. We then analyzed the features of leading governance tools and used this analysis to evaluate two categories of our theory: FLOSS license scanning and FLOSS components in product bills of materials.

Keywords: Open Source Software, FLOSS, FOSS, Open Source Governance, FLOSS governance tools, company requirements for FLOSS tools.

Reference: Harutyunyan, N., Bauer, A., & Riehle, D. (2019). Industry Requirements for FLOSS Governance Tools to Facilitate the Use of Open Source Software in Commercial Products. Journal of Systems and Software vol. 158 (2019), 110390.

A preprint of the paper is available as a PDF file. This article is an expanded version, per invitation, of our OSS 2018 paper.

Why Self-Enlightened Contribution to Open Source Projects is Difficult

Self-enlightened contributions to open source projects are (code) contributions that come about because a company chooses to contribute. The opposite is forced open sourcing, which typically happens when a reciprocal license like the GPLv2 forces a company to lay open some source code.

Self-enlightened contribution is hard!


Open Source License Compliance–Why and How? (Hendrik Schoettle, IEEE Computer Column)

I’m happy to report that the third article in the new Open Source Expanded column of IEEE Computer has been published.

Title: Open Source License Compliance–Why and How?

Keywords: Open Source Software, Licenses, Software Packages

Authors: Hendrik Schoettle, Osborne Clarke, Munich, Germany

Publication: Computer vol. 52 (August 2019), pp. 63-67

Abstract: Compliance with open source software (OSS) license requirements is necessary but often overlooked. This article explains how OSS license compliance differs from compliance with commercial software licenses, why it is necessary even though OSS is generally free, and what requirements have to be met with OSS.

As always, the article is freely available (local copy).

Also, check out the full list of articles.

Triple-Licensing Single-Vendor Open Source Components (Illustrated)

I thought I’d illustrate how I’d solve the current licensing conundrum of single-vendor open source firms like MongoDB and Elastic using some graphics. In short: While open source application vendors can still dual-license, open source component vendors (like the companies just mentioned) need to triple-license to get the benefits of open source yet keep their competitors at bay.


Open Source License Compliance in Software Supply Chains

Abstract: Almost all software products today include open-source components. However, the obligations that open-source licenses put on their users can be difficult or undesirable to comply with. As a consequence, software vendors and related companies need to govern the process by which open-source components are included in their products. A key process of such open-source governance is license clearance, that is, the process by which a company decides whether a particular component’s license is acceptable for use in its products. In this article, we discuss this process, review the challenges it poses to software vendors, and provide unanswered research questions that result from it.

Keywords: Open source licenses, open source license compliance, software supply chain, product model

Reference: Riehle, D., & Harutyunyan, N. (2019). Open-Source License Compliance in Software Supply Chains. In Fitzgerald B., Mockus A., Zhou M. (eds) Towards Engineering Free/Libre Open Source Software (FLOSS) Ecosystems for Impact and Sustainability. Springer, Singapore, pp. 83-95.

A preprint of the paper is available as a PDF file and as a web page. Alternatively, you can pay Springer for the final version.

Getting Started with FLOSS Governance and Compliance in Companies (OpenSym 2019)

Abstract: Commercial use of open source software is on the rise as more companies realize the benefits of using FLOSS components in their products. At the same time, the ungoverned use of such components can result in legal, financial, intellectual property, and other risks. To mitigate these risks, companies must govern their use of open source through appropriate processes. This paper presents an initial theory of industry best practices on getting started with open source governance and compliance, focusing on private companies. Through a qualitative survey, we conducted and analyzed 15 expert interviews in companies with advanced capabilities in open source governance. We also studied practitioner reports on existing practices for introducing FLOSS governance processes. We cast our resulting initial theory in the actionable format of best practice patterns that, when combined, form a practical handbook of getting started with FLOSS governance in private companies.
