Challenges of Tracking and Documenting Open Source Dependencies in Products: A Case Study - Open Source Systems
Conference Papers Year : 2020

Abstract

Software vendors need to manage the dependencies of the open source components used in their products. Without this management, license compliance would be impossible, export restrictions could not be maintained, and security vulnerabilities would remain unknown to the vendor. The management of these dependencies has grown in an ad-hoc fashion in most companies. As such, vendors find it hard to learn from each other and improve practices. To address this problem, we performed exploratory single-case study research at one large established software vendor. We gathered and analyzed the key challenges of tracking and documenting open source dependencies in products. We wanted to understand whether these ad-hoc solutions could be based on a single unified conceptual model for managing dependencies. Our study suggests that underlying the various point solutions that we found at this vendor lies a conceptual model that we tentatively call the product (architecture) model. In future cross-vendor work, we will investigate whether this conceptual model can be expanded to become a unifying model for all open source dependency management.
Main file: 496591_1_En_3_Chapter.pdf (171.29 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-03647275, version 1 (20-04-2022)

Cite

Andreas Bauer, Nikolay Harutyunyan, Dirk Riehle. Challenges of Tracking and Documenting Open Source Dependencies in Products: A Case Study. 16th IFIP International Conference on Open Source Systems (OSS), May 2020, Innopolis, Russia. pp.25-35, ⟨10.1007/978-3-030-47240-5_3⟩. ⟨hal-03647275⟩