Open data standards for open source software risk management routines: An examination of SPDX

Abstract

As the organizational use of open source software (OSS) increases, it requires the adjustment of organizational routines to manage new OSS risk. These routines may be influenced by community-developed open data standards to explicate, analyze, and report OSS risks. Open data standards are co-created in open communities for unifying the exchange of information. The SPDX® specification is such an open data standard to explicate and share OSS risk information. The development and subsequent adoption of SPDX raises the questions of how organizations make sense of SPDX when improving their own risk management routines, and of how a community benefits from the experiential knowledge that is contributed back by organizational adopters. To explore these questions, we conducted a single case, multi-component field study, connecting with members of organizations that employed SPDX. The results of this study contribute to understanding the development and adoption of open data standards within open source environments.

Citation (APA)

Gandhi, R., Germonprez, M., & Link, G. J. P. (2018). Open data standards for open source software risk management routines: An examination of SPDX. In Proceedings of the International ACM SIGGROUP Conference on Supporting Group Work (pp. 219–229). Association for Computing Machinery. https://doi.org/10.1145/3148330.3148333
