Open data standards for open source software risk management routines: An examination of SPDX

Robin Gandhi, Matt Germonprez, Georg J.P. Link

Research output: Chapter in Book/Report/Conference proceeding (Conference contribution)

1 Citation (Scopus)

Abstract

As the organizational use of open source software (OSS) increases, it requires the adjustment of organizational routines to manage new OSS risk. These routines may be influenced by community-developed open data standards to explicate, analyze, and report OSS risks. Open data standards are co-created in open communities for unifying the exchange of information. The SPDX® specification is such an open data standard to explicate and share OSS risk information. The development and subsequent adoption of SPDX raises the questions of how organizations make sense of SPDX when improving their own risk management routines, and of how a community benefits from the experiential knowledge that is contributed back by organizational adopters. To explore these questions, we conducted a single case, multi-component field study, connecting with members of organizations that employed SPDX. The results of this study contribute to understanding the development and adoption of open data standards within open source environments.

Original language: English (US)
Title of host publication: GROUP 2018 - Proceedings of the 2018 ACM Conference on Supporting Groupwork
Publisher: Association for Computing Machinery
Pages: 219-229
Number of pages: 11
ISBN (Print): 9781450355629
DOI: https://doi.org/10.1145/3148330.3148333
State: Published - Jan 7 2018
Event: 2018 ACM Conference on Supporting Groupwork, GROUP 2018 - Sanibel Island, United States
Duration: Jan 7 2018 to Jan 10 2018

Publication series

Name: Proceedings of the International ACM SIGGROUP Conference on Supporting Group Work

Other

Other: 2018 ACM Conference on Supporting Groupwork, GROUP 2018
Country: United States
City: Sanibel Island
Period: 1/7/18 to 1/10/18

Fingerprint

Risk management
Specifications
Open source software

Keywords

  • Case Study
  • Interviews
  • Open Source Software
  • Practice Theory
  • Risk Management
  • Routines
  • Standardization

ASJC Scopus subject areas

  • Computer Science (all)

Cite this

Gandhi, R., Germonprez, M., & Link, G. J. P. (2018). Open data standards for open source software risk management routines: An examination of SPDX. In GROUP 2018 - Proceedings of the 2018 ACM Conference on Supporting Groupwork (pp. 219-229). (Proceedings of the International ACM SIGGROUP Conference on Supporting Group Work). Association for Computing Machinery. https://doi.org/10.1145/3148330.3148333

@inproceedings{cf401050c81d4535976dbd2e06e571b7,
title = "Open data standards for open source software risk management routines: An examination of SPDX",
abstract = "As the organizational use of open source software (OSS) increases, it requires the adjustment of organizational routines to manage new OSS risk. These routines may be influenced by community-developed open data standards to explicate, analyze, and report OSS risks. Open data standards are co-created in open communities for unifying the exchange of information. The SPDX{\circledR} specification is such an open data standard to explicate and share OSS risk information. The development and subsequent adoption of SPDX raises the questions of how organizations make sense of SPDX when improving their own risk management routines, and of how a community benefits from the experiential knowledge that is contributed back by organizational adopters. To explore these questions, we conducted a single case, multi-component field study, connecting with members of organizations that employed SPDX. The results of this study contribute to understanding the development and adoption of open data standards within open source environments.",
keywords = "Case Study, Interviews, Open Source Software, Practice Theory, Risk Management, Routines, Standardization",
author = "Robin Gandhi and Matt Germonprez and Link, {Georg J.P.}",
year = "2018",
month = "1",
day = "7",
doi = "10.1145/3148330.3148333",
language = "English (US)",
isbn = "9781450355629",
series = "Proceedings of the International ACM SIGGROUP Conference on Supporting Group Work",
publisher = "Association for Computing Machinery",
pages = "219--229",
booktitle = "GROUP 2018 - Proceedings of the 2018 ACM Conference on Supporting Groupwork",

}

TY - GEN

T1 - Open data standards for open source software risk management routines

T2 - An examination of SPDX

AU - Gandhi, Robin

AU - Germonprez, Matt

AU - Link, Georg J.P.

PY - 2018/1/7

Y1 - 2018/1/7

N2 - As the organizational use of open source software (OSS) increases, it requires the adjustment of organizational routines to manage new OSS risk. These routines may be influenced by community-developed open data standards to explicate, analyze, and report OSS risks. Open data standards are co-created in open communities for unifying the exchange of information. The SPDX® specification is such an open data standard to explicate and share OSS risk information. The development and subsequent adoption of SPDX raises the questions of how organizations make sense of SPDX when improving their own risk management routines, and of how a community benefits from the experiential knowledge that is contributed back by organizational adopters. To explore these questions, we conducted a single case, multi-component field study, connecting with members of organizations that employed SPDX. The results of this study contribute to understanding the development and adoption of open data standards within open source environments.

KW - Case Study

KW - Interviews

KW - Open Source Software

KW - Practice Theory

KW - Risk Management

KW - Routines

KW - Standardization

UR - http://www.scopus.com/inward/record.url?scp=85054846441&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85054846441&partnerID=8YFLogxK

U2 - 10.1145/3148330.3148333

DO - 10.1145/3148330.3148333

M3 - Conference contribution

AN - SCOPUS:85054846441

SN - 9781450355629

T3 - Proceedings of the International ACM SIGGROUP Conference on Supporting Group Work

SP - 219

EP - 229

BT - GROUP 2018 - Proceedings of the 2018 ACM Conference on Supporting Groupwork

PB - Association for Computing Machinery

ER -