Högskolan i Skövde

Reproducible builds (R-Bs) are software engineering practices that reliably create bit-for-bit identical binary executable files from specified source code. R-Bs are applied in someopen source software (OSS) projects and distributions to allow verification that the distrib-uted binary has been built from the released source code. The use of R-Bs has been advo-cated in software maintenance and R-Bs are applied in the development of some OSS secu-rity applications. Nonetheless, industry application of R-Bs appears limited, and we seekto understand whether awareness is low or if significant technical and business reasonsprevent wider adoption. Through interviews with software practitioners and business man-agers, this study explores the utility of applying R-Bs in businesses in the primary and sec-ondary software sectors and the business and technical reasons supporting their adoption.We find businesses use R-Bs in the safety-critical and security domains, and R-Bs are valu-able for traceability and support collaborative software development. We also found thatR-Bs are valued as engineering processes and are seen as a badge of software quality, butwithout a tangible value proposition. There are good engineering reasons to use R-Bs inindustrial software development, and the principle of establishing correspondence betweensource code and binary offers opportunities for the development of further applications.

Open hardware and open source software platforms bring benefits to both implementers and users in the form of system adaptability and maintainability, and through the avoidance of lock-in, for example. Development of the \riscv\ Instruction Set Architecture and processors during the last ten years has made the implementation of a desktop computer using open hardware, including open processors, and open source software an approaching possibility. We use the SiFive Unmatched development board and Ubuntu Linux, and the recorded experiences of system builders using the Unmatched board to explore the extent to which it is possible to create an open desktop computer. The work identifies current limitations to implementing an open computer system, which lie mainly at the interface between the operating system and hardware components. Potential solutions to the challenges uncovered are proposed, including greater consideration of openness during the early stages of product design. A further contribution is made by an account of the synergies arising from open collaboration in a private-collective innovation process.

Component-Based Software Development is a conventional way of working for software-intensive businesses and OpenSource Software (OSS) components are frequently considered by businesses for adoption and inclusion in softwareproducts. Previous research has found a variety of practices used to support the adoption of OSS components, in-cluding formally specified processes and less formal, developer-led approaches, and that the practices used continue todevelop. Evolutionary pressures identified include the proliferation of available OSS components and increases in thepace of software development as businesses move towards continuous integration and delivery. We investigate workpractices used in six software-intensive businesses in the primary and secondary software sectors to understand currentapproaches to OSS component adoption and the challenges businesses face establishing effective work practices to eval-uate OSS components. We find businesses have established processes for evaluating OSS components and communitiesthat support more complex and nuanced considerations of the cost and risks of component adoption alongside matterssuch as licence compliance and functional requirements. We also found that the increasing pace and volume of softwaredevelopment within some businesses provides pressure to continue to evolve software evaluation processes.

Open source software (OSS) and open standards have become increasingly important for addressing challenges related to lock-in, interoperability and long-term maintenance of systems and associated digital assets. OSS projects operate under different conditions and many projects and organisations consider successful governance and strategic involvement with projects to constitute major challenges. Today, many companies seek to establish work practices which facilitate strategic engagement with OSS projects. Based on findings from collaborative research which draws from rich insights and extensive experiences from practice, the paper presents seven actionable strategies for organisations that seek to leverage long-term involvement with OSS projects. 

Real-time communication (RTC) technologies for the web provide opportunities for individuals and organisations to work and collaborate remotely, and the need for such technologies has recently increased. Use of RTC technologies and tools for the web involves a number of challenges concerning data privacy and lock-in effects, such as dependency to specific suppliers and proprietary technologies. Use of open standards for RTC and open source software (OSS) implementing such standards can create conditions for avoiding issues related to data privacy and lock-in, and thereby provides opportunities for long-term sustainable solutions. The paper characterises how engagement with standardisation of WebRTC in the context of IETF and W3C is related to engagement with the WebRTC OSS project.

Formulation of mandatory requirements in procurement projects has significant influence on opportunities for development and deployment of Open Source Software (OSS). The paper contributes insights on a widespread practice amongst public procurement projects which causes problematic lock-in effects and thereby inhibits opportunities for use of OSS solutions. Through a systematic investigation of 30 randomly selected procurement projects in the software domain the paper highlights illustrative examples of mandatory requirements which cause lock-in and presents five recommendations for how requirements instead should be formulated in order to avoid causing lock-in. Findings show significant lock-in caused by current procurement practices with a stark preference for proprietary software and SaaS solutions amongst procuring organisations.

The majority of contributions to community open source software (OSS) projects are made by practitioners acting on behalf of companies and other organisations. Previous research has addressed the motivations of both individuals and companies to engage with OSS projects. However, limited research has been undertaken that examines and explains the practical mechanisms or work practices used by companies and their developers to pursue their commercial and technical objectives when engaging with OSS projects. This research investigates the variety of work practices used in public communication channels by company contributors to engage with and contribute to eight community OSS projects. Through interviews with contributors to the eight projects we draw on their experiences and insights to explore the motivations to use particular methods of contribution. We find that companies utilise work practices for contributing to community projects which are congruent with the circumstances and their capabilities that support their short- and long-term needs. We also find that companies contribute to community OSS projects in ways that may not always be apparent from public sources, such as employing core project developers, making donations, and joining project steering committees in order to advance strategic interests. The factors influencing contributor work practices can be complex and are often dynamic arising from considerations such as company and project structure, as well as technical concerns and commercial strategies. The business context in which software created by the OSS project is deployed is also found to influence contributor work practices.

In this paper novel results are reported on engagement with ICT standards and their implementations in open source software (OSS). Specifically, findings draw from observations and analyses related to the ITU-T H.265 standard and five OSS projects (x265, libde265, SVT-HEVC, Kvazaar, and Turing codec) implementing the standard. The study reports on a characterisation of organisations that engage with standard development for the H.265 standard and organisations with declarations for H.265 in the ITU-T patent database in relation to standard development for H.265, and how OSS projects implementing H.265 are related to standard development for H.265.

Web analytics technologies provide opportunities for organisations to obtain information about users visiting their websites in order to understand and optimise web usage. Use of such technologies often leads to issues related to data privacy and potential lock-in to specific suppliers and proprietary technologies. Use of open source software (OSS) for web analytics can create conditions for avoiding issues related to data privacy and lock-in, and thereby provides opportunities for a long-term sustainable solution for organisations both in the public and private sectors. This paper characterises use of and engagement with OSS projects for web analytics. Specifically, we contribute a characterisation of use of OSS licensed web analytics technologies in Swedish government authorities, and a characterisation of organisational engagement with the Matomo OSS project for web analytics.