Managing Your Open Source Supply Chain-Why and How?

Harutyunyan, Nikolay

doi:10.1109/mc.2020.2983530

Cited by 21 publications

(12 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In a nutshell, do not run your supplier out of business, when possible. Alternatively, make sure to get the source code in case of the supplier bankruptcy or before changing the supplier to avoid the above mentioned risk More practices on the topic of supply chain management can be found in the dissertation [19] or in our previous publication [23].…”

Section: Supply Chain Managementmentioning

confidence: 99%

Open Source Software Governance: Distilling and Applying Industry Best Practices

Harutyunyan

2022

Ernst Denert Award for Software Engineering 2020

Self Cite

View full text Add to dashboard Cite

Modern software architectures are becoming increasingly complex and interdependent. The days of exclusive in-house software development by companies are over. A key force contributing to this shift is the abundant use of open source frameworks, components, and libraries in software development. Over 90% of all software products include open source components. Being efficient, robust, and affordable, they often cover the non-differentiating product requirements companies have. However, the uncontrolled use of open source software in products comes with legal, engineering, and business risks stemming from incorrect software licensing, copyright issues, and supply chain vulnerabilities. While recognized by a handful of companies, this topic remains largely ignored by the industry and little studied by the academia. To address this relevant and novel topic, we undertook a 3-year research project into open source governance in companies, which resulted in a doctoral dissertation. The key results of our work include a theory of industry best practices, where we captured how more than 20 experts from 15 companies worldwide govern their corporate use of open source software. Acknowledging the broad industry relevance of our topic, we developed a handbook for open source governance that enabled practitioners from various domains to apply our findings in their companies. We conducted three evaluation case studies, where more than 40 employees at three Germany-based multinational companies applied our proposed best practices. This chapter presents the highlights of building and implementing the open source governance handbook.

show abstract

Section: Supply Chain Managementmentioning

confidence: 99%

Open Source Software Governance: Distilling and Applying Industry Best Practices

Harutyunyan

2022

Ernst Denert Award for Software Engineering 2020

Self Cite

View full text Add to dashboard Cite

show abstract

“…In our previous research, we proposed a set of industry best practices for corporate open source governance based on a qualitative survey of industry experts and primary materials [11,24]. We covered the following key aspects of FLOSS governance in companies: getting started with open source governance [18], inbound governance [19,21], supplier management [17], outbound governance, and general governance.…”

Section: Related Workmentioning

confidence: 99%

“…In this paper, we focus on corporate FLOSS governance, which consists of industry best practices and processes for dealing with open source use in companies [23]. To collect and publish such state-ofthe-art practices from the industry, we performed qualitative data analysis [24,11] of the 20 primary materials 2 and 21 expert interviews [17,18,19,21]. We derived our findings from the data gathered from a diverse set of companies with an advanced understanding of corporate open source governance, such as Google, Intel, Qualcomm, Microsoft, BMW, and others.…”

Section: Introductionmentioning

confidence: 99%

Getting Started with Corporate Open Source Governance: A Case Study Evaluation of Industry Best Practices

Harutyunyan

Riehle

2021

Proceedings of the Annual Hawaii International Conference on System Sciences

Self Cite

View full text Add to dashboard Cite

Open source software usage in companies is on the rise, often resulting in lower development costs, higher quality, and quick availability of code. However, using open source software in products comes with legal, business, and technical risks. Experienced companies prevent and address these risks through corporate open source governance. In our previous work, we studied how top-tier companies got started with corporate open source governance. We proposed a set of industry best practices on the topic, using the practical format of interconnected contextproblem-solution patterns. In this study, we put the proposed state-of-the-art practices to the test by evaluating their real-life application in a case study at a Germany-based multibillion-dollar corporation with products in four distinct industries and more than 17000 employees worldwide. In the course of two and a half years, we conducted 35 semi-structured employee interviews and workshops in five divisions of the company to assess the initial situation of open source governance, the process of getting started with governance following our recommendations, and the outcomes. In this paper, we report the results of this longitudinal case study by presenting the artifacts created while getting started with open source governance, as well as the transferability evaluation of the proposed best practices, both individually and collectively.

show abstract

“…These questions define a software supply chain, which may involve a surprisingly long and broad sequence of entities on the inbound side and could include third parties on the outbound side, even if your business does not apparently trade in software. A previous column by Harutyunyan 2 3 has covered all of the factors that you should take into account when choosing an FOSS component.…”

Section: The Open Source Supply Chainmentioning

confidence: 99%