Research Paper: Getting Started with FLOSS Governance and Compliance in Companies

Abstract: Commercial use of open source software is on the rise as more companies realize the benefits of using FLOSS components in their products. At the same time, the ungoverned use of such components can result in legal, financial, intellectual property, and other risks. To mitigate these risks, companies must govern their use of open source through appropriate processes. This paper presents an initial theory of industry best practices on getting started with open source governance and compliance. Through a qualitative survey, we conducted and analyzed 15 expert interviews in companies with advanced capabilities in open source governance. We also studied practitioner reports on existing practices for introducing FLOSS governance processes. We cast our resulting initial theory in the actionable format of best practice patterns that, when combined, form a practical handbook of getting started with FLOSS governance in companies.

Keywords: Commercial Use of Open Source; FLOSS; FOSS; Industry Best Practice; Introduction of FLOSS in Companies; Open Source Software; Open Source Governance; Qualitative Survey.

Reference: Nikolay Harutyunyan and Dirk Riehle. 2019 (August). Getting Started with FLOSS Governance and Compliance in Companies. In OpenSym’19: 15th International Symposium on Open Collaboration, August 20-22, 2019, Skövde, Sweden. ACM, 10 pages.

A preprint of the paper is available here as a PDF file.