Challenges of Tracking and Documenting Open Source Dependencies in Products: A Case Study

Main authors: | Bauer, Andreas; Harutyunyan, Nikolay; Riehle, Dirk; Schwarz, Georg-Daniel |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | 2020 |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7198239/ http://dx.doi.org/10.1007/978-3-030-47240-5_3 |
Field | Value |
---|---|
author | Bauer, Andreas Harutyunyan, Nikolay Riehle, Dirk Schwarz, Georg-Daniel |
collection | PubMed |
description | Software vendors need to manage the dependencies of the open source components used in their products. Without this management, license compliance would be impossible, export restrictions could not be maintained, and security vulnerabilities would remain unknown to the vendor. The management of these dependencies has grown in an ad-hoc fashion in most companies. As such, vendors find it hard to learn from each other and improve practices. To address this problem, we performed exploratory single-case study research at one large established software vendor. We gathered and analyzed the key challenges of tracking and documenting open source dependencies in products. We wanted to understand whether these ad-hoc solutions could be based on a single unified conceptual model for managing dependencies. Our study suggests that underlying the various point solutions that we found at this vendor lies a conceptual model that we tentatively call the product (architecture) model. In future cross-vendor work, we will investigate whether this conceptual model can be expanded to become a unifying model for all open source dependency management. |
format | Online Article Text |
id | pubmed-7198239 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2020 |
record_format | MEDLINE/PubMed |
source and rights | Open Source Systems (IFIP), 2020; published online 2020-05-05. © IFIP International Federation for Information Processing 2020. This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic. |
title | Challenges of Tracking and Documenting Open Source Dependencies in Products: A Case Study |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7198239/ http://dx.doi.org/10.1007/978-3-030-47240-5_3 |