Open Data Standards for Open Source Software Risk Management Routines: An Examination of SPDX

Authors

Robin A. Gandhi, University of Nebraska at OmahaFollow
Matt Germonprez, University of Nebraska at OmahaFollow
Georg J.P. Link, University of Nebraska at OmahaFollow

Document Type

Article

Publication Date

2018

Publication Title

GROUP '18 Conference

First Page

219

Last Page

229

Abstract

As the organizational use of open source software (OSS) increases, it requires the adjustment of organizational routines to manage new OSS risk. These routines may be influenced by community-developed open data standards to explicate, analyze, and report OSS risks. Open data standards are co-created in open communities for unifying the exchange of information. The SPDX® specification is such an open data standard to explicate and share OSS risk information. The development and subsequent adoption of SPDX raises the questions of how organizations make sense of SPDX when improving their own risk management routines, and of how a community benefits from the experiential knowledge that is contributed back by organizational adopters. To explore these questions, we conducted a single case, multi-component field study, connecting with members of organizations that employed SPDX. The results of this study contribute to understanding the development and adoption of open data standards within open source environments.

Comments

© 2018 Robin Gandhi, Matt Germonprez and Georg J.P. Link. This work is licensed under a Creative Commons Attribution-ShareAlike International 4.0 License.

https://doi.org/10.1145/3148330.3148333

Recommended Citation

Gandhi, Robin A.; Germonprez, Matt; and Link, Georg J.P., "Open Data Standards for Open Source Software Risk Management Routines: An Examination of SPDX" (2018). Information Systems and Quantitative Analysis Faculty Publications. 50.
https://digitalcommons.unomaha.edu/isqafacpub/50