IEEE’s Computing Edge magazine is a practitioner-oriented publication that republishes particularly popular content from other IEEE publications. In the April 2020 issue, they republished last year’s The Innovations of Open Source article that I wrote to open the Computer magazine’s Open Source Expanded bimonthly column.
Abstract: This article present a particular business model for commercial open source firms, called the single-vendor open source model. This model has long dominated venture capital funding for open source software firms, contributing to the long-term sustainability of open source. As such, it is of high economic relevance. It is also an excellent example to show how open source licensing and related strategies really are just tools in the design of a business model and not philosophies.
Abstract: We draw on the concept of episodic volunteering (EV) from the general volunteering literature to identify practices for managing EV in free/libre/open source software (FLOSS) communities. Infrequent but ongoing participation is widespread, but the practices that community managers are using to manage EV, and their concerns about EV, have not been previously documented. We conducted a policy Delphi study involving 24 FLOSS community managers from 22 different communities. Our panel identified 16 concerns related to managing EV in FLOSS, which we ranked by prevalence. We also describe 65 practices for managing EV in FLOSS. Almost three-quarters of these practices are used by at least three community managers. We report these practices using a systematic presentation that includes context, relationships between practices, and concerns that they address. These findings provide a coherent framework that can help FLOSS community managers to better manage episodic contributors.
Keywords: Best practices, community management, episodic volunteering, free software, open source software
Reference: Barcomb, A., Stol, KJ, Fitzgerald, B., & Riehle, D. (2022). Managing Episodic Volunteers in Free/Libre/Open Source Software Communities. IEEE Transactions on Software Engineering vol. 48, no. 1 (January 2022), pp. 260-277.
Software vendors need to manage the dependencies of the open source components used in their products. Without this management, license compliance would be impossible, export restrictions could not be maintained, and security vulnerabilities would remain unknown to the vendor. The management of these dependencies has grown in an ad-hoc fashion in most companies. As such, vendors find it hard to learn from each other and improve practices. To address this problem, we performed exploratory single-case study research at one large established software vendor. We gathered and analyzed the key challenges of tracking and documenting open source dependencies in products. We wanted to understand whether these ad-hoc solutions could be based on a single unified conceptual model for managing dependencies. Our study suggests that underlying the various point solutions that we found at this vendor lies a conceptual model that we tentatively call the product (architecture) model. In future cross-vendor work, we will investigate whether this conceptual model can be expanded to become a unifying model for all open source dependency management.
Companies without expertise in software development can opt to form consortia to develop open source software to meet their needs, as an alternative to the build-or-buy decision. Such user-led foundations are little understood, due to a limited number of published examples. In particular, almost nothing is known about the ecosystems surrounding user-led foundations. Our work seeks to address this gap, through an exploratory qualitative survey of openKONSEQUENZ, from the German energy sector. We find that the technological goals are quite homogeneous, independent of a participant’s role in the ecosystem, but that economic conflicts exist between foundation members and supplier companies due to the consortium’s efforts to transform the software market structure to limit dependency on specific vendors.
Abstract: Pattern discovery, the process of discovering previously unrecognized patterns, is usually performed as an ad-hoc process with little resulting certainty in the quality of the proposed patterns. Pattern validation, the process of validating the accuracy of proposed patterns, has rarely gone beyond the simple heuristic of “the rule of three”. This article shows how to use established scientific research methods for the purpose of pattern discovery and validation. The result is an approach to pattern discovery and validation that can provide the same certainty that traditional scientific research methods can provide for the theories they are used to validate. This article describes our approach and explores its usefulness for pattern discovery and evaluation in a series of studies.
Keywords: Patterns, pattern discovery, pattern validation, theory codification, theory building and evaluation, research design
Reference: Riehle, D., Harutyunyan, N., & Barcomb, A. (2020). Pattern Discovery and Validation Using Scientific Research Methods. Friedrich-Alexander-Universität Erlangen-Nürnberg, Dept. of Computer Science, Technical Reports, CS-2020-01, February 2020.
Abstract: Corporate use of open source in software products is on the rise. While this brings a number of technological and business benefits to companies, it also comes with potential legal and financial risks caused by license non-compliance and ungoverned use of open source components. Companies address these threats with free/libre and open source software (FLOSS) governance – internal guidelines and processes for using open source components in products. An essential aspect of FLOSS governance is component reuse and component repository, which enable efficient governance for the previously used components by the company’s developers. In our study, we aimed to identify the current industry best practices for FLOSS governance and component reuse. We conducted 15 expert interviews in companies with high governance maturity, analyzed these interviews and derived 19 best practices cast in the pattern format of context-problem-solution. The format was inspired by design patterns and enables higher applicability of our research results by practitioners. The 19 best practices form a handbook on FLOSS governance and component reuse that also includes workflows connecting the individual practices into process templates.
Keywords: Open Source Software, FLOSS, FOSS, Open Source Governance, Best Practice, Commercial Use of Open Source, Component Repository, Component Reuse, Industry Best Practice, Introduction of FLOSS in Companies, Pattern, Pattern Language
Reference: Harutyunyan, N., & Riehle D. (2019). Industry Best Practices for FLOSS Governance and Component Reuse. In Proceedings of the 24th European Conference on Pattern Languages of Programs (EuroPLoP 2019). ACM, article no. 21.
Abstract: Companies usually don’t share the source code for the software they develop. While this approach is justified in software that constitutes differentiating intellectual property, proprietary development can lead to redundant development and other opportunity costs. In response, companies are increasingly open sourcing some if not all of their non-differentiating software. Given the limited academic research on this emerging topic, we bridge the gap between industry and academia by taking a practice-based approach. We investigate why and how companies engage in corporate open sourcing. We take an exploratory case study approach. Our cases are four companies with multi-billion-dollar revenues each: A major e-commerce company based in Germany; a leading social networking service company based in the USA; a cloud computing software company based in the USA; and a manufacturing and media software company based in the USA. We present the resulting theory in an actionable format of state-of-the-art best practice patterns.
Reference: Harutyunyan, N., Riehle, D., & Sathya, G. (2020). Industry Best Practices for Corporate Open Sourcing. In Proceedings of the 53rd Hawaii International Conference on System Sciences (HICSS 2020), pp. 5849-5858.
Abstract: Continuous deployment can reduce the time from a source code change to a newly deployed application significantly. Increased innovation speed can make all the difference in a competitive market situation. However, deploying at high frequency requires high speeds of discovering bugs in the deployed software. Using the JDownloader file download manager as our example, we present a fitness model to evaluate a continuously deployed software during operation for expected behavior, present the design and implementation of a monitoring component, and evaluate the model and its implementation using data from JDownloader’s multi-million member strong user base. Our evaluation finds that there had been thousands of undetected bugs, and that newly created bugs can be detected and reported 16 times faster than before.
Keywords: Continuous deployment, continuous delivery, immune system
Reference: Rechenmacher, T., Riehle, D., & Weber, M. (2020). The JDownloader Immune System for Continuous Deployment. In Proceedings of the 53rd Hawaii International Conference on System Sciences (HICSS 2020), pp. 6559-6568.
Abstract: Microservices are an architectural style in which each service typically provides the complete stack of functions from a user or application programming interface through a domain model all the way to storage for that model. As a consequence, querying conjunct data from different microservices becomes a non-trivial engineering task. In this article, we review older and established general data integration theory in the enterprise context and then compare current microservice practice with enterprise information integration (EII) theory as an established approach to data integration. We find that microservices do not utilize all possible approaches for data integration that are common in enterprises. Specifically, microservices use middleware only partially and databases are not used at all to integrate data. Therefore, we further investigate whether, when, and how these two approaches can be used in a microservices context and present our findings. With our findings, we (i) clear the way for fellow researchers to investigate and improve unused integration strategies with microservices and (ii) raise the awareness of practitioners that some integration strategies may not work out of the box with microservices as they do in EII.
Keywords: Microservices, data integration, enterprise Information integration, EII
Reference: Schwarz, G. & Riehle, D. (2020). What Microservices Can Learn From Enterprise Information Integration. In Proceedings of the 53rd Hawaii International Conference on System Sciences (HICSS 2020), pp. 5513-5522.