Understanding Industry Requirements for FLOSS Governance Tools

  • Nikolay Harutyunyan
  • Andreas Bauer
  • Dirk Riehle
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 525)

Abstract

Almost all software products today incorporate free/libre and open source software (FLOSS) components. Companies must govern their FLOSS use to avoid the risks to their intellectual property that arise from using FLOSS components. A particular challenge is license compliance. To manage the complexity of license compliance, companies should use tools and well-defined processes so that these tasks can be performed in a time- and cost-efficient manner. This paper investigates and presents common industry requirements for FLOSS governance tools, followed by an evaluation of the suggested requirements by matching them against the features of existing tools.

We chose 10 industry leading companies through polar theoretical sampling and interviewed their FLOSS governance experts to derive a theory of industry needs and requirements for tooling. We then analyzed the features of a governance tools sample and used this analysis to evaluate two categories of our theory: FLOSS license scanning and FLOSS in product bills of materials. The result is a list of FLOSS governance requirements based on our qualitative study of the industry, evaluated using the existing governance tool features. For higher practical relevance, we cast our theory as a requirements specification for FLOSS governance tools.

Keywords

Open source software, FLOSS, FOSS, Open source governance, FLOSS governance tools, Company requirements for FLOSS tools

Acknowledgments

We would like to thank Hannes Dohrn, Michael Dorner, Maximilian Capraro, Andreas Kaufmann and Shushanik Hakobyan for their generous feedback that helped us improve our paper. We would also like to thank our industry partners that provided their valuable time and expertise for this research project.

Copyright information

© IFIP International Federation for Information Processing 2018

Authors and Affiliations

  • Nikolay Harutyunyan (1)
  • Andreas Bauer (1)
  • Dirk Riehle (1)

  1. Friedrich-Alexander University Erlangen-Nürnberg, Erlangen, Germany