Open Data Standards for Open Source Software Risk Management Routines: An Examination of SPDX

dc.contributor.author: Gandhi, Robin
dc.contributor.author: Germonprez, Matt
dc.contributor.author: Link, Georg J.P.
dc.date.accessioned: 2023-03-17T22:48:50Z
dc.date.available: 2023-03-17T22:48:50Z
dc.date.issued: 2018
dc.description.abstract: As the organizational use of open source software (OSS) increases, it requires the adjustment of organizational routines to manage new OSS risk. These routines may be influenced by community-developed open data standards to explicate, analyze, and report OSS risks. Open data standards are co-created in open communities for unifying the exchange of information. The SPDX® specification is such an open data standard to explicate and share OSS risk information. The development and subsequent adoption of SPDX raises the questions of how organizations make sense of SPDX when improving their own risk management routines, and of how a community benefits from the experiential knowledge that is contributed back by organizational adopters. To explore these questions, we conducted a single case, multi-component field study, connecting with members of organizations that employed SPDX. The results of this study contribute to understanding the development and adoption of open data standards within open source environments. [en]
dc.identifier.doi: 10.1145/3148330.3148333
dc.identifier.uri: https://dl.eusset.eu/handle/20.500.12015/4545
dc.language.iso: en
dc.publisher: Association for Computing Machinery
dc.relation.ispartof: Proceedings of the 2018 ACM International Conference on Supporting Group Work
dc.subject: case study
dc.subject: risk management
dc.subject: standardization
dc.subject: open source software
dc.subject: interviews
dc.subject: practice theory
dc.subject: routines
dc.title: Open Data Standards for Open Source Software Risk Management Routines: An Examination of SPDX [en]
dc.type: Text/Conference Paper
gi.citation.startPage: 219–229
gi.citations.count: 8
gi.citations.element: Tianjie Deng, William N. Robinson (2021): Changes in emergent software development routines: The moderation effects of routine diversity, In: International Journal of Information Management, doi:10.1016/j.ijinfomgt.2020.102306
gi.citations.element: Matt Germonprez, Georg J.P. Link, Kevin Lumbard, Sean Goggins (2018): Eight Observations and 24 Research Questions About Open Source Projects, In: Proceedings of the ACM on Human-Computer Interaction CSCW(2), doi:10.1145/3274326
gi.citations.element: Stefano Zacchiroli (2022): A large-scale dataset of (open source) license text variants, In: Proceedings of the 19th International Conference on Mining Software Repositories, doi:10.1145/3524842.3528491
gi.citations.element: Anastasia Terzi, Stamatia Bibi (2024): Opening Software Research Data 5Ws+1H, In: Software 4(3), doi:10.3390/software3040021
gi.citations.element: Ximing Zhang, Huan Xu, Qiuling Yu, Shipei Zeng, Shan Dai, Haowen Yang, Shuhan Wu (2024): License recommendation for open source projects in the power industry, In: Information and Software Technology, doi:10.1016/j.infsof.2023.107391
gi.citations.element: Arushi Arora, Virginia Wright, Christina Garman (2022): Strengthening the Security of Operational Technology: Understanding Contemporary Bill of Materials, In: Journal of Critical Infrastructure Policy 1(3), doi:10.18278/jcip.3.1.8
gi.citations.element: Andreas Bauer, Nikolay Harutyunyan, Dirk Riehle, Georg-Daniel Schwarz (2020): Challenges of Tracking and Documenting Open Source Dependencies in Products: A Case Study, In: IFIP Advances in Information and Communication Technology, doi:10.1007/978-3-030-47240-5_3
gi.citations.element: Kevin Lumbard, Matt Germonprez, Sean Goggins (2023): An empirical investigation of social comparison and open source community health, In: Information Systems Journal 2(34), doi:10.1111/isj.12485
gi.conference.location: Sanibel Island, Florida, USA
