Industry Best Practices for Component Approval in FLOSS Governance

Harutyunyan N, Riehle D (2020)


Publication Language: English

Publication Type: Conference contribution, Original article

Publication year: 2020

Publisher: ACM

Event location: Virtual DE

URI: https://oss.cs.fau.de/wp-content/uploads/2021/01/europlop-2020-harutyunyan-riehle.pdf

DOI: 10.1145/3424771.3424791

Abstract

Increasingly companies realize the value of using free/libre and open source software (FLOSS) in their products, but need to manage the associated risks. Leading companies introduce open source governance as a solution. A key aspect of corporate FLOSS governance deals with choosing and evaluating open source components for use in products. Following an industry-based research approach, we present 13 best practices in the pattern format of context-problem-solutions paired with consequences. In this paper, we cover an excerpt of the Component Approval section of our FLOSS governance handbook. This article builds upon our previous EuroPLoP publication covering Component Reuse in FLOSS governance processes, as well as other publications on the topic. Analyzing qualitative data gathered from 15 expert interviews, we derive and interconnect the common industry recommendations for reviewing, tracking, and approving open source components in a company environment. We conclude by presenting workflow templates that put various best practices in relation to each other.

Authors with CRIS profile

How to cite

APA:

Harutyunyan, N., & Riehle, D. (2020). Industry Best Practices for Component Approval in FLOSS Governance. In Proceedings of the 25th European Conference on Pattern Languages of Programs, EuroPLoP ’20. Virtual, DE: ACM.

MLA:

Harutyunyan, Nikolay, and Dirk Riehle. "Industry Best Practices for Component Approval in FLOSS Governance." Proceedings of the 25th European Conference on Pattern Languages of Programs, EuroPLoP ’20, Virtual ACM, 2020.

BibTeX: Download