Industry Best Practices for Component Approval in Open Source Governance

Abstract: Increasingly, companies realize the value of using free/libre and open source software (FLOSS) in their products, but they need to manage the associated risks. Leading companies introduce open source governance as a solution. A key aspect of corporate FLOSS governance deals with choosing and evaluating open source components for use in products. Following an industry-based research approach, we present 13 best practices in the pattern format of context-problem-solutions paired with consequences. In this paper, we cover an excerpt of the Component Approval section of our FLOSS governance handbook. This article builds upon our previous EuroPLoP publication covering Component Reuse in FLOSS governance processes, as well as other publications on the topic. Analyzing qualitative data gathered from 15 expert interviews, we derive and interconnect the common industry recommendations for reviewing, tracking, and approving open source components in a company environment. We conclude by presenting workflow templates that put the various best practices in relation to each other.

Keywords: Commercial Use of Open Source, Component Approval, FLOSS, FOSS, Industry Best Practice, Open Source Software, Open Source Governance, Pattern Language.

Reference: Nikolay Harutyunyan and Dirk Riehle. 2020 (July). Industry Best Practices for Component Approval in FLOSS Governance. 25th European Conference on Pattern Languages of Programs (EuroPLoP ’20). Virtual, Germany.

A preprint of the paper is available here as a PDF file.