FOSS Compliance Intensive Seminar June 14-15th, 2018 in Berlin (in German)

Catharina Maracke’s Software Compliance Academy writes to us:

Die Bedeutung der Open Source-Lizenzen und die Frage der Open Source Compliance hat in den vergangenen Jahren vor allem in der IT-Wirtschaft an Bedeutung gewonnen. Aber auch andere Industriezweige sehen sich zunehmend mit Fragen rund um den Einsatz von Open Source-Software konfrontiert:

  • Welche juristischen Vorgaben gilt es beim Einsatz von Open Source-Software im Unternehmen und vor allem in kommerziellen Produkten zu beachten?
  • Welche Anforderungen sind an das Lizenzmanagement zu stellen und welchen Beitrag kann ein standardisierter Lizenzmanagement Prozess (OpenChain) leisten?
  • Welche Möglichkeiten (und welche Grenzen) bieten technische Ansätze im Bereich Lizenzmanagement?

Continue reading “FOSS Compliance Intensive Seminar June 14-15th, 2018 in Berlin (in German)”

Understanding Industry Requirements for FLOSS Governance Tools

Abstract: Almost all software products today incorporate free/libre, and open source software (FLOSS) components. Companies must govern their FLOSS use to avoid potential risks to their intellectual property resulting from the use of FLOSS components. A particular challenge is license compliance. To manage the complexity of license compliance, companies should use tools and well-defined processes to perform these tasks time and cost efficiently. This paper investigates and presents common industry requirements for FLOSS governance tools, followed by an evaluation of the suggested requirements by matching them with the features of existing tools. We chose 10 industry-leading companies through polar theoretical sampling and interviewed their FLOSS governance experts to derive a theory of industry needs and requirements for tooling. We then analyzed the features of a governance tools sample and used this analysis to evaluate two categories of our theory: FLOSS license scanning and FLOSS in product bills of materials. The result is a list of FLOSS governance requirements based on our qualitative study of the industry, evaluated using the existing governance tool features. For higher practical relevance, we cast our theory as a requirements specification for FLOSS governance tools.

Keywords: Open Source Software, FLOSS, FOSS, Open Source Governance, FLOSS governance tools, company requirements for FLOSS tools

Reference: Nikolay Harutyunyan, Andreas Bauer, and Dirk Riehle. 2018. Understanding Industry Requirements for FLOSS Governance Tools. In OSS ’18: 14th International Conference on Open Source Systems, June 8-10, 2018, Athens, Greece. Springer, IFIP Advances in Information and Communication Technology, 12 pages.

A preprint of the paper is available here as a PDF file.

Why Companies Don’t Always Free-ride on Open Source Projects

I presented on open source foundations earlier this week to economist friends at TU Munich. I naturally got the question about freeriding: Why does anyone contribute to open source projects, if they could do something else with their time? The cinch: This time we are talking about companies, not invididual people, so the arguments about altruism and signaling don’t apply. So, why do companies contribute and don’t just freeride? I don’t think this question has been answered well yet in economics, and I’m not sure established theory has a ready answer.

To make it short: I believe the most direct reason why companies contribute to open source projects is to lower their cost of consumption of that very project. Specifically, contributing to a project builds competence in that project, and employing committers builds additional foresight and influence. General compentence makes the company use the software more effectively, avoiding costly bugs and rework. Foresight and influence helps the company avoid misalignment of their products with the evolving open source software they depend on. Such misalignment can also lead to costly rework and missed market opportunities.

I’m not aware of any RoI model that helps an engineering manager determine how much to contribute to achieve how much lower consumption costs and risks. Because of the step function from contributor to committer status for the involved employees, the investment return is not a linear function, that much we can say. The rest remains imperfect science for now.

Continue reading “Why Companies Don’t Always Free-ride on Open Source Projects”

License Clearance in Software Product Governance

I recently participated in an NII Shonan workshop on open source ecosystems. As a follow-up, we are preparing a book of articles. I’m contributing a chapter on “license clearance in software product governance”. Obviously, open source plays an important role. Please find abstract and paper below.

Abstract: Almost all software products today include open source components. However, the obligations that open source licenses put on their users can be difficult or undesirable to comply with [25] [14] [20]. As a consequence, software vendors and related companies need to govern the process by which open source components are included in their products [21] [7]. A key process of such open source governance is license clearance, that is, the process by which a company decides whether a particular component’s license is acceptable for use in its products [19] [4] [15]. In this article, we discuss this process, review the challenges it poses to software vendors and provide unanswered research questions that result from it.

Read the full paper as HTML or as a PDF. The final reference will be announced once the book has been published.

Costs of no or Poor Open Source Governance

When talking with companies about the use of open source, sooner or later we end up discussing the problem of license compliance. This is perhaps the most prominent aspect of open source governance for companies getting started with using open source. It can be surprisingly difficult to coherently explain the cause and effect chains that create the potentially high costs of not properly governing your open source engagement!

So here then is my take at teasing it apart.

Continue reading “Costs of no or Poor Open Source Governance”

Register now for Forum Open Source 2017

On June 20th, the the 2017 Bitkom Open Source Forum will take place in Berlin. In my opinion, this is the best vendor-neutral opportunity in Germany to meet and listen to open source experts and how open source is shaping the German and international software industry. I will present my main blockbuster talk on

why software vendors, large and small, “give away their intellectual property” by contributing to an open source project.

Essentially, I will be talking about the business models and industry strategies underlying contribution to and leadership of open source projects, platforms, and foundations. Participation is free, even for non-members, and I recommend you register early (by email) to make sure you get a seat at the table.

Why on Earth?! Why Product Vendors Invest in Open Source Software (Upcoming Talk, in German)

I give industry talks about every other week and stopped advertising them long ago. This one, however, may be of broad interest. I will talk about the economics of strategically creating and leading open source projects at the June 20th, 2017, Open Source Forum of Bitkom in Berlin. Title and abstract below, event details to follow. Subscribe to this blog to stay on top of things!

Title: Was soll das eigentlich? Warum Produkthersteller in Open-Source-Software investieren

Abstract: Intel, Oracle, Fujitsu und andere nehmen Millionen US-Dollar in die Hand, um Linux und verwandte Software zu finanzieren und wir alle nutzen die Software kostenlos. IBM nahm Millionen US-Dollar in die Hand, um die Eclipse Foundation zu starten, nur um ihre späteren Produkte auf eine andere technische Basis zu stelllen. Weitere Unternehmen würden gern signifikant Geld ausgeben, von dem wir alle profitieren, man lässt sie nur nicht, weil sie zu spät an den Tisch kamen. Warum nur? Dieser Vortrag schildert die ökonomischen Grundlagen und strategischen Ziele, welche Unternehmen haben, wenn sie Open-Source-Software nicht nur nutzen, sondern strategisch etablieren und führen wollen. Continue reading “Why on Earth?! Why Product Vendors Invest in Open Source Software (Upcoming Talk, in German)”