Lessons Learned from Applying Social Network Analysis on an Industrial Free/Libre/Open Source Software Ecosystem

Many software projects are no longer done in-house by a single organization. Instead, we are in a new age where software is developed by a networked community of individuals and organizations, which base their relations to each other on mutual interest. Paradoxically, recent research suggests that software development can actually be jointly-developed by rival firms. For instance, it is known that the mobile-device makers Apple and Samsung kept collaborating in open source projects while running expensive patent wars in the court. Taking a case study approach, we explore how rival firms collaborate in the open source arena by employing a multi-method approach that combines qualitative analysis of archival data (QA) with mining software repositories (MSR) and Social Network Analysis (SNA). While exploring collaborative processes within the OpenStack ecosystem, our research contributes to Software Engineering research by exploring the role of groups, sub-communities and business models within a high-networked open source ecosystem. Surprising results point out that competition for the same revenue model (i.e., operating conflicting business models) does not necessary affect collaboration within the ecosystem. Moreover, while detecting the different sub-communities of the OpenStack community, we found out that the expected social tendency of developers to work with developers from same firm (i.e., homophily) did not hold within the OpenStack ecosystem. Furthermore, while addressing a novel, complex and unexplored open source case, this research also contributes to the management literature in coopetition strategy and high-tech entrepreneurship with a rich description on how heterogeneous actors within a high-networked ecosystem (involving individuals, startups, established firms and public organizations) joint-develop a complex infrastructure for big-data in the open source arena.Comment: As accepted by the Journal of Internet Services and Applications (JISA

Security considerations in the open source software ecosystem

Open source software plays an important role in the software supply chain, allowing stakeholders to utilize open source components as building blocks in their software, tooling, and infrastructure. But relying on the open source ecosystem introduces unique challenges, both in terms of security and trust, as well as in terms of supply chain reliability. In this dissertation, I investigate approaches, considerations, and encountered challenges of stakeholders in the context of security, privacy, and trustworthiness of the open source software supply chain. Overall, my research aims to empower and support software experts with the knowledge and resources necessary to achieve a more secure and trustworthy open source software ecosystem. In the first part of this dissertation, I describe a research study investigating the security and trust practices in open source projects by interviewing 27 owners, maintainers, and contributors from a diverse set of projects to explore their behind-the-scenes processes, guidance and policies, incident handling, and encountered challenges, finding that participants’ projects are highly diverse in terms of their deployed security measures and trust processes, as well as their underlying motivations. More on the consumer side of the open source software supply chain, I investigated the use of open source components in industry projects by interviewing 25 software developers, architects, and engineers to understand their projects’ processes, decisions, and considerations in the context of external open source code, finding that open source components play an important role in many of the industry projects, and that most projects have some form of company policy or best practice for including external code. On the side of end-user focused software, I present a study investigating the use of software obfuscation in Android applications, which is a recommended practice to protect against plagiarism and repackaging. The study leveraged a multi-pronged approach including a large-scale measurement, a developer survey, and a programming experiment, finding that only 24.92% of apps are obfuscated by their developer, that developers do not fear theft of their own apps, and have difficulties obfuscating their own apps. Lastly, to involve end users themselves, I describe a survey with 200 users of cloud office suites to investigate their security and privacy perceptions and expectations, with findings suggesting that users are generally aware of basic security implications, but lack technical knowledge for envisioning some threat models. The key findings of this dissertation include that open source projects have highly diverse security measures, trust processes, and underlying motivations. That the projects’ security and trust needs are likely best met in ways that consider their individual strengths, limitations, and project stage, especially for smaller projects with limited access to resources. That open source components play an important role in industry projects, and that those projects often have some form of company policy or best practice for including external code, but developers wish for more resources to better audit included components. This dissertation emphasizes the importance of collaboration and shared responsibility in building and maintaining the open source software ecosystem, with developers, maintainers, end users, researchers, and other stakeholders alike ensuring that the ecosystem remains a secure, trustworthy, and healthy resource for everyone to rely on

Coopetition in an open-source way : lessons from mobile and cloud computing infrastructures

An increasing amount of technology is no longer developed in-house. Instead, we are in a new age where technology is developed by a networked community of individuals and organizations, who base their relations to each other on mutual interest. Advances arising from research in platforms, ecosystems, and infrastructures can provide valuable knowledge for better understanding and explaining technology development among a network of firms. More surprisingly, recent research suggests that technology can be jointly developed by rival competing firms in an open-source way. For instance, it is known that the mobile device makers Apple and Samsung continued collaborating in open-source projects while running expensive patent wars in the courts. On top of multidisciplinary theory in open-source software, cooperation among competitors (aka coopetition) and digital infrastructures, I (and my coauthors) explored how rival firms cooperate in the joint development of open-source infrastructures. While assimilating a wide variety of paradigms and analytical approaches, this doctoral research combined the qualitative analysis of naturally occurring data (QA) with the mining of software repositories (MSR) and social network analysis (SNA) within a set of case studies. By turning to the mobile and cloud computing industries in general, and the WebKit and OpenStack opensource infrastructures in particular, we found out that qualitative ethnographic materials, combined with social network visualizations, provide a rich medium that enables a better understanding of competitive and cooperative issues that are simultaneously present and interconnected in open-source infrastructures. Our research contributes back to managerial literature in coopetition strategy, but more importantly to Information Systems by addressing both cooperation and competition within the development of high-networked open-source infrastructures.Yhä suurempaa osaa teknologiasta ei enää kehitetä organisaatioiden omasta toimesta. Sen sijaan, olemme uudella aikakaudella jossa teknologiaa kehitetään verkostoituneessa yksilöiden ja organisaatioiden yhteisössä, missä toimitaan perustuen yhteiseen tavoitteeseen. Alustojen, ekosysteemien ja infrastruktuurien tutkimuksen tulokset voivat tuottaa arvokasta tietämystä teknologian kehittämisestä yritysten verkostossa. Erityisesti tuore tutkimustieto osoittaa että kilpailevat yritykset voivat yhdessä kehittää teknologiaa avoimeen lähdekoodiin perustuvilla käytännöillä. Esimerkiksi tiedetään että mobiililaitteiden valmistajat Apple ja Samsung tekivät yhteistyötä avoimen lähdekoodin projekteissa ja kävivät samaan aikaan kalliita patenttitaistoja eri oikeusfoorumeissa. Perustuen monitieteiseen teoriaan avoimen lähdekoodin ohjelmistoista, yhteistyöstä kilpailijoiden kesken (coopetition) sekä digitaalisista infrastruktuureista, minä (ja kanssakirjoittajani) tutkimme miten kilpailevat yritykset tekevät yhteistyötä avoimen lähdekoodin infrastruktuurien kehityksessä. Sulauttaessaan runsaan joukon paradigmoja ja analyyttisiä lähestymistapoja case-joukon puitteissa, tämä väitöskirjatutkimus yhdisti luonnollisesti esiintyvän datan kvantitatiivisen analyysin ohjelmapakettivarastojen louhintaan ja sosiaalisten verkostojen analyysiin. Tutkiessamme mobiili- ja pilvipalveluiden teollisuudenaloja yleisesti, ja WebKit ja OpenStack avoimen lähdekoodin infrastruktuureja erityisesti, havaitsimme että kvalitatiiviset etnografiset materiaalit yhdistettyinä sosiaalisten verkostojen visualisointiin tuottavat rikkaan aineiston joka mahdollistaa avoimen lähdekoodin infrastruktuuriin samanaikaisesti liittyvien kilpailullisten ja yhteistyökuvioiden hyvän ymmärtämisen. Tutkimuksemme antaa oman panoksensa johdon kirjallisuuteen coopetition strategy -alueella, mutta sitäkin enemmän tietojärjestelmätieteeseen, läpikäymällä sekä yhteistyötä että kilpailua tiiviisti verkostoituneessa avoimen lähdekoodin infrastruktuurien kehitystoiminnassaUma crescente quantidade de tecnologia não é desenvolvida internamente por uma só organização. Em vez disso, estamos em uma nova era em que a tecnologia é desenvolvida por uma comunidade de indivíduos e organizações que baseiam suas relações umas com as outras numa rede de interesse mútuo. Os avanços teórico decorrentes da pesquisa em plataformas computacionais, ecossistemas e infraestruturas digitais fornecem conhecimentos valiosos para uma melhor compreensão e explicação do desenvolvimento tecnológico por uma rede de multiplas empresas. Mais surpreendentemente, pesquisas recentes sugerem que tecnologia pode ser desenvolvida conjuntamente por empresas rivais concorrentes e de uma forma aberta (em código aberto). Por exemplo, sabe-se que os fabricantes de dispositivos móveis Apple e Samsung continuam a colaborar em projetos de código aberto ao mesmo tempo que se confrontam em caras guerras de patentes nos tribunais. Baseados no conhecimento científico de software de código aberto, de cooperação entre concorrentes (também conhecida como coopetição) e de infraestruturas digitais, eu e os meus co-autores exploramos como empresas concorrentes cooperam no desenvolvimento conjunto de infraestruturas de código aberto. Ao utilizar uma variedade de paradigmas e abordagens analíticas, esta pesquisa de doutoramento combinou a análise qualitativa de dados de ocorrência natural (QA) com a análise de repositórios de softwares (MSR) e a análise de redes sociais (SNA) dentro de um conjunto de estudos de casos. Ao investigar as industrias de technologias móveis e de computação em nuvem em geral, e as infraestruturas em código aberto WebKit e OpenStack, em particular, descobrimos que o material etnográfico qualitativo, combinado com visualizações de redes sociais, fornece um meio rico que permite uma melhor compreensão das problemas competitivos e cooperativos que estão simultaneamente presentes e interligados em infraestruturas de código aberto. A nossa pesquisa contribui para a literatura em gestão estratégica e coompetição, mas mais importante para literatura em Sistemas de Informação, abordando a cooperação e concorrência no desenvolvimento de infraestruturas de código aberto por uma rede the indivíduos e organizações em interesse mútuo

Towards Identifying Paid Open Source Developers - A Case Study with Mozilla Developers

Open source development contains contributions from both hired and volunteer software developers. Identification of this status is important when we consider the transferability of research results to the closed source software industry, as they include no volunteer developers. While many studies have taken the employment status of developers into account, this information is often gathered manually due to the lack of accurate automatic methods. In this paper, we present an initial step towards predicting paid and unpaid open source development using machine learning and compare our results with automatic techniques used in prior work. By relying on code source repository meta-data from Mozilla, and manually collected employment status, we built a dataset of the most active developers, both volunteer and hired by Mozilla. We define a set of metrics based on developers' usual commit time pattern and use different classification methods (logistic regression, classification tree, and random forest). The results show that our proposed method identify paid and unpaid commits with an AUC of 0.75 using random forest, which is higher than the AUC of 0.64 obtained with the best of the previously used automatic methods.Comment: International Conference on Mining Software Repositories (MSR) 201

Cooperation among competitors in the open-source arena: The case of OpenStack

Interorganizational interactions are often complex and paradoxical. In this research, we transcend two management paradoxes: (competition versus cooperation) and (open-source versus proprietary) technology development. We follow the OpenStack open-source ecosystem where competing firms cooperate in the joint-development of a cloud infrastructure for big data. We provide a narrative, complemented with social network visualizations, which depicts the evolution of cooperation and competition. Our findings suggest that development transparency and weak intellectual property rights (i.e., characteristics of open-source ecosystems) allow a focal firm to transfer information and resources more easily between multiple alliances

Essential properties of open development communities : supporting growth, collaboration, and learning

Open development has emerged as a method for creating versatile and complex products through free collaboration of individuals. This free collaboration forms globally distributed teams. Similarly, it is common today to view business and other human organizations as ecosystems, where several participating companies and organizations co-operate and compete together. For example, open source software development is one area where community driven development provides a plausible platform for both development of products and establishing a software ecosystem where a set of businesses contribute their own innovations. Equally, open learning environments and open innovation platforms are also gaining ground. While such initiatives are not limited to any specific area, they typically offer a technological, legal, social, and economic framework for development. Moreover, they always rely on the associated community, the people. Open development would not exist without the active participation of keen developers. However, people are fickle. Firstly, as one of the main driving forces for participation is own interest, "scratching your own itch", the question of how to grow and support open development rises to the forefront. Further it leads to ask what contributes to making open development successful. This is especially crucial when the product has business value. Secondly, as open development has its own governance methods and development guidelines, one is led to ask, how learning these could be facilitated, and how community participation could be supported. This doctoral dissertation gives insight on tools and techniques that help in dealing with the multi-faceted challenge of working with and growing an open development community. It discusses these through a framework covering the five key aspects of open development: the people in and the purpose of the community, the product developed by the community and the policies and the platform the community needs to function. The thesis presents work on establishing and monitoring an open development community in two different settings: a Free/Libre/Open Source Software(FLOSS) business environment and open education. The research covers going ahead with open development within the FLOSS ecosystem both from the point of view of the product and the business environment. Additionally, this thesis offers research on how developers can learn open development methods. It introduces academic open development communities through which the developers can adopt collaborative development skills. The research presented paves the way for gaining further knowledge in growing thriving open development communities

New Solutions to the Funding Dilemma of Technology Startups

This article explores the current funding challenges facing technology startups and describes new models based on smaller investments and collective action. First, the advantages and disadvantages of traditional startup funding models are presented, with an emphasis on venture capital and angel investment. Next, an overview of existing seed funds, or seed accelerators, shows how entrepreneurs can leverage this approach to access subsequent rounds of funding and create successful ventures. Then, an overview of crowd funding is provided, including examples of companies that have adopted this approach to funding startups and their founders. Finally, the article presents the basis of a new approach that uses crowd funding as means of attracting investors to collectives. In these business ecosystems, startups are exposed to less risk and investors can benefit from attractive returns by investing in these promising startups