Open Ph.D. Position in Open Source Governance

We have a full-time Ph.D. position (German Mitarbeiter position at TVL-E13 level) available on the topic of open source governance.

In this research project, the new team member will build and evaluate a theory on what constitutes good open source governance and license compliance at companies who use open source in projects and products. The specific focus is on selecting open source components for company use, both from a managerial and legal perspective. The new team member will join a team where other people are working on related (but distinct) topics.

Continue reading Open Ph.D. Position in Open Source Governance

The 2017 Letter to Stakeholders (Year-end)

Welcome to the 2017 (year-end) letter to stakeholders of the Professorship of Open Source Software at the Friedrich-Alexander-University Erlangen-Nürnberg! (Download as PDF.)


In 2017, we continued our successful work from prior years, focussing on existing projects. Revenues kept growing at about 20% CAGR and we got a new top-tier research journal paper published. We finally acquired our first DFG grant and welcomed Andreas Bauer as a new member to the team. Welcome, Andi!

Continue reading The 2017 Letter to Stakeholders (Year-end)

Final Thesis: A Theory of Open Source Engineering Processes

Abstract: Open Source communities are largely people centric and work on customized software processes created by people while trying to solve a problem. Hence, most Open Source projects do not have formal processes or do not follow software engineering best practices. But at the same time, they are successful and the processes followed are instrumental in their success. The objective of this thesis is to build a theory of Open Source Engineering processes. This theory can be used by Open Source communities to design their own processes and to compare their processes with that of other communities. The theory is presented as categories and sub-categories and is derived from qualitative data analysis of interviews and supplemental materials. The model is then applied to three polar Open Source communities.

Keywords: Open source engineering process, open source development process, qualitative research, decision-making in open source

PDFs: Master Thesis, Work Description

Reference: Harisree Radhakrishnan. A Theory of Open Source Engineering Processes. Master Thesis, Friedrich-Alexander-Universität Erlangen-Nürnberg: 2017.

Vorträge am Senior Design Day des Zollhof

Wir werden am Freitag, 2017-12-08, um 11:30 Uhr, am Senior Design Day des Startup-Inkubators der FAU teilnehmen. Unser Beitrag sind die folgenden drei Vorträge resp. Demos (jeweils nur wenige Minuten). Das Event ist kostenfrei; Tickets gibt es hier.

  1. Das Uni1 / AMOS Projektkonzept für Industrieinnovation mit Universitäten

    Uni1 ermöglicht es Unternehmen, preisgünstig und flexibel mit Universitäten in der Lehre zusammenzuarbeiten und eine Pipeline fuer offene Innovation zu erzeugen. Wir stellen als wichtiges Beispiel das AMOS Projekt vor, einen Kurs, in dem Unternehmen Softwareentwicklungsprojekte mit der FAU abwickeln.

  2. Das 2017 AMOS Projekt “Raspberry Pi as User Control Board” mit Sivantos

    The mission of this AMOS project is to enhance the Sivantos Fitting Software System with a Raspberry Pi user control board to test the software efficiently and rapidly replacing the existing manual interaction with the system under test. Our project enables test engineers and manual testers at Sivantos to test their software faster, more comfortably, more efficiently and more thoroughly.

  3. Das 2015 AMOS Projekt “Croudtrip!” mit Elektrobit

    Als Teil des Elektrobit-internen Innovationswettbewerbs wurde die Idee eines Car-Sharing-Dienst entwickelt, welcher auf Basis von Elektrobit Diensten und Produkten entwickelt eine Startup darstellen sollte, die das Elektrobit (jetzt Continental) Ökosystem bereichert. Das Projekt wurde als AMOS Projekt in 2015 umgesetzt. PS: Crowd + Cloud + Kraut = Croud

Final Thesis: A Visual UML-Editor for QDAcity

Abstract: QDAcity ist eine Webanwendung zur Unterstützung der qualitativen Datenanalyse (QDA) von Text-Daten. Bei der qualitativen Datenanalyse geht es darum Informationen und Zusammenhänge aus unstrukturierten Daten wie Interviewtranskriptionen zu gewinnen. Ein wichtiger Prozess bei der QDA ist die Kodierung, bei der Textstellen mit selbstdefinierten Codes versehen werden, um die Inhalte besser zu strukturieren. Die Anwendung QDAcity unterstützt die Kodierung von Texten mit einem Codesystem, welches die Codes hierarchisch strukturiert. In dieser Arbeit wurde für QDAcity eine Software entwickelt, durch die es erstmals möglich ist, einzelne Elemente des konzeptuellen Modells (Klassen oder Beziehungen) mit Elementen aus qualitativen Daten (Codes) zu verknüpfen. Es wurde also ein Domänenmodell-Editor entwickelt, der auf Basis eines Codesystems arbeitet, und bei dem sowohl für das Klassendiagramm, als auch für das Codesystem ein gemeinsames Modell verwendet wird. Für die Umsetzung wurde das Codesystem um eine Codesystem-Language erweitert, die die Kategorisierung und damit die Abbildung in einen UML-Klassen-Diagramm ermöglicht.

Keywords: Domain Modeling, Qualitative Data Analysis, QDA, UML

PDFs: Master Thesis, Work Description

Reference: Felix Loos. A Visual UML-Editor for QDAcity. Master Thesis, Friedrich-Alexander-Universität Erlangen-Nürnberg: 2017.

Entry-level position in open source compliance at Software AG

Software AG, one of our industry partners, informs us about an entry-level position in the domain of open source governance and compliance, including commercial licensing and technology alliances. As always, feel free to apply directly or request an introduction and recommendation through Prof. Riehle.

Final Thesis: A Method to Determine the Return on Investement of Inner Source

Abstract: Inner source is the use of open source software developing practices in proprietary software development across organizational borders. A significant amount of companies are adopting inner source. Some companies already utilize inner source practices without a coordinated effort to adopt inner source. It is unclear if the gains of inner source outweight the costs of running and adopting it because there is no quantitative method to determine the return on investment for inner source yet. In this paper, we develop a quantitative method to determine the return on investment of inner source. We followed a four phase research approach: First, we conducted a methodological literature review to collect methods and best practices on how to create a return on investment model. Second, we performed a exploratory literature review to identify typical inner source costs and gains. Third, we hypothesized formulas to quantify the costs and gains. Fourth, we prepared but not fully conducted an industry case study to evaluate the method. We provide a methode on how to determine the gains and costs induced by inner source and on how to aggregate them to the return on investment value. We evaluated our method at an organization already adopting inner source. As the results were inconclusive, we suggest further research on evaluating the method. This paper contains the first method to determine the return on investment for inner source.

Keywords: Software engineering, open source, inner source, return on investement

PDFs: Master Thesis, Thesis Description

Reference: Sebastian Duda. A Method to Determine the Return on Investement of Inner Source. Bachelor Thesis, Friedrich-Alexander-Universität Erlangen-Nürnberg: 2017.

Final Thesis: Sweble Security Programming Plugin – Security Rules Engine

Abstract: Within the scope of industry 4.0 and digitalization, there is a growing danger of cyber crime and security attacks, causing huge harm for digital business. Therefore, in nowadays software development, IT-security is regarded as a quality criterion, determining the success of a product or project. Nevertheless, the complexity of security attacks, vulnerabilities and software development as a whole, complicates the reliable protection against and mitigation of security attacks.

To support software engineers to develop more secure software, this thesis shows the concept and presents a prototype of a software security rules methodology called Serum. Serum is designed to help software developers and all other project members in creating a more secure software. A domain-specific language was designed and integrated into a global knowledge management system (Sweble), to allow modeling and describing software assets, associated security attacks as well as known countermeasures. A second component, using the gathered security knowledge, was implemented, focusing on the support of software architects during the creation of a threat- and risk analysis. To facilitate the consideration of security even more a custom test- and dashboard system allows developers and test architects to monitor their contribution towards a more secure system.

The thesis should provide a basis for a holistic security support during all phases of the software development life cycle.

Keywords: IT-Security, threat analysis, DSL, Sweble, structured data

PDFs: Master Thesis

Reference: Florian Gerdes. Sweble Security Programming Plugin – Security Rules Engine. Master Thesis, Friedrich-Alexander-Universität Erlangen-Nürnberg: 2017.

AVL DiTest sucht Werkstudenten/innen für die Automotive-Softwareentwicklung

AVL DiTest schreibt uns resp. unseren Studenten und Studentinnen:

Im Rahmen des AMOS Projekts sind in unserem Unternehmen einige interessante Projekte entstanden. Wir suchen nun engagierte Studenten, welche uns bei der Weiterentwicklung unterstützen und diese vorantreiben. Daneben gibt es natürlich noch genug andere spannende Themen bei uns.

Einen kleinen Einblick gibt es auf unserer GitHub Seite unter

Continue reading AVL DiTest sucht Werkstudenten/innen für die Automotive-Softwareentwicklung

New Grading Scheme for Final Theses

We designed a new and simplified grading scheme for final theses, replacing the old one. A thesis still has to pass some basic [OK|NOK] checks like completeness of declaration of materials built on, relevant topic, no plagiarism, etc. However, this is a binary decision and does not affect the grade directly (except for failing if these criteria are not met).

The grade then is derived using only four main measures. These are:

  • Results quality
  • Method competence
  • Effort expended
  • Presentation quality

Each measure is taken on scale of [0..10], where 0 means not present at all and 10 means perfect, with a linear distribution around the mean. The four measures are combined using the geometric mean, from which a grade in the German 1,00 – 5,00 grading system is derived.

This new grading scheme has been put into effect starting the academic year of 2017/18.