The Routinization of Open Source Project Engagement: The Case of Open Source Risk Management Routines

Research output: Contribution to journalArticlepeer-review

Abstract

As organizations increasingly use open source software, they inevitably routinize open source project engagement to manage new open source risks. We explore the software package data exchange (SPDX) standard as a key open source product for routinizing the work that open source risk management entails. The development and subsequent adoption of SPDX raise the questions of how organizations participate in SPDX to routinize open source work to better integrate with their own open source risk management routines, how organizations make sense of SPDX when improving their own open source risk management routines, and how a community benefits from the experiential knowledge that organizational early adopters contribute back to it. To explore these questions, we conducted a singlecase, multicomponent field study in which we connected with individuals who helped to develop and later employed SPDX in their own organizations. Our results contribute to explaining how organizations routinize open source project engagement by observing organizational commitments to routinize aspects of open source risk management through communal interactions, organizationally specific interpretations, and deployments.

Original languageEnglish (US)
Pages (from-to)729-747
Number of pages19
JournalCommunications of the Association for Information Systems
Volume49
DOIs
StatePublished - 2021

Keywords

  • Field Study
  • Linux Foundation
  • Open Source Projects
  • Routines
  • SPDX
  • Specifications

ASJC Scopus subject areas

  • Information Systems

Fingerprint

Dive into the research topics of 'The Routinization of Open Source Project Engagement: The Case of Open Source Risk Management Routines'. Together they form a unique fingerprint.

Cite this