Challenges of Tracking and Documenting Open Source Dependencies in Products: A Case Study

Bauer A, Harutyunyan N, Riehle D, Schwarz GD (2020)


Publication Language: English

Publication Type: Conference contribution, Original article

Publication year: 2020

Publisher: Springer

Conference Proceedings Title: Proceedings of the 16th International Conference on Open Source Systems 2020 (OSS 2020)

Event location: Innopolis, Russia RU

ISBN: 978-3-030-47240-5

URI: https://oss.cs.fau.de/wp-content/uploads/2020/05/Challenges_of_Tracking_and_Documenting_Open_Source_Dependencies_in_Products_A_Case_Study.pdf

DOI: 10.1007/978-3-030-47240-5_3

Abstract

Software vendors need to manage the dependencies of the open source components used in their products. Without this management, license compliance would be impossible, export restrictions could not be maintained, and security vulnerabilities would remain unknown to the vendor.

The management of these dependencies has grown in an ad-hoc fashion in most companies. As such, vendors find it hard to learn from each other and improve practices.

To address this problem, we performed exploratory single-case study research at one large established software vendor. We gathered and analyzed the key challenges of tracking and documenting open source dependencies in products. We wanted to understand whether these ad-hoc solutions could be based on a single unified conceptual model for managing dependencies.

Our study suggests that underlying the various point solutions that we found at this vendor lies a conceptual model that we tentatively call the product (architecture) model. In future cross-vendor work, we will investigate whether this conceptual model can be expanded to become a unifying model for all open source dependency management.


How to cite

APA:

Bauer, A., Harutyunyan, N., Riehle, D., & Schwarz, G.-D. (2020). Challenges of Tracking and Documenting Open Source Dependencies in Products: A Case Study. In Alberto Sillitti, Artem Kruglov, Giancarlo Succi, Sergey Masyagin, Vladimir Ivanov (Eds.), Proceedings of the 16th International Conference on Open Source Systems 2020 (OSS 2020). Innopolis, Russia, RU: Springer.

MLA:

Bauer, Andreas, et al. "Challenges of Tracking and Documenting Open Source Dependencies in Products: A Case Study." Proceedings of the OSS 2020: 16th International Conference on Open Source Systems, Innopolis, Russia Ed. Alberto Sillitti, Artem Kruglov, Giancarlo Succi, Sergey Masyagin, Vladimir Ivanov, Springer, 2020.
