Abstract
Modern software architectures are becoming increasingly complex and interdependent. The days of exclusive in-house software development by companies are over. A key force contributing to this shift is the abundant use of open source frameworks, components, and libraries in software development. Over 90% of all software products include open source components. Being efficient, robust, and affordable, they often cover the non-differentiating product requirements companies have. However, the uncontrolled use of open source software in products comes with legal, engineering, and business risks stemming from incorrect software licensing, copyright issues, and supply chain vulnerabilities. While recognized by a handful of companies, this topic remains largely ignored by the industry and little studied by academia. To address this relevant and novel topic, we undertook a 3-year research project into open source governance in companies, which resulted in a doctoral dissertation. The key results of our work include a theory of industry best practices, where we captured how more than 20 experts from 15 companies worldwide govern their corporate use of open source software. Acknowledging the broad industry relevance of our topic, we developed a handbook for open source governance that enabled practitioners from various domains to apply our findings in their companies. We conducted three evaluation case studies, where more than 40 employees at three Germany-based multinational companies applied our proposed best practices. This chapter presents the highlights of building and implementing the open source governance handbook.
Acknowledgements
This was not an individual effort. Throughout the whole research, many people supported me—my family, my friends, my colleagues, and industry partners. I want to especially thank my professor Dirk Riehle and my colleagues Ann Barcomb, Andreas Bauer, Fariba Bensing, Maximilian Capraro, Hannes Dohrn, Michael Dorner, Andreas Kaufmann, Daniel Knogl, and Georg Schwarz for their contributions to this research.
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2022 The Author(s)
About this chapter
Cite this chapter
Harutyunyan, N. (2022). Open Source Software Governance: Distilling and Applying Industry Best Practices. In: Felderer, M., et al. Ernst Denert Award for Software Engineering 2020. Springer, Cham. https://doi.org/10.1007/978-3-030-83128-8_5
DOI: https://doi.org/10.1007/978-3-030-83128-8_5
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-83127-1
Online ISBN: 978-3-030-83128-8
eBook Packages: Computer Science, Computer Science (R0)