Abstract: Inner source is the use of open source software developing practices in proprietary software development across organizational borders. A signiﬁcant amount of companies are adopting inner source. Some companies already utilize inner source practices without a coordinated eﬀort to adopt inner source. It is unclear if the gains of inner source outweight the costs of running and adopting it because there is no quantitative method to determine the return on investment for inner source yet. In this paper, we develop a quantitative method to determine the return on investment of inner source. We followed a four phase research approach: First, we conducted a methodological literature review to collect methods and best practices on how to create a return on investment model. Second, we performed a exploratory literature review to identify typical inner source costs and gains. Third, we hypothesized formulas to quantify the costs and gains. Fourth, we prepared but not fully conducted an industry case study to evaluate the method. We provide a methode on how to determine the gains and costs induced by inner source and on how to aggregate them to the return on investment value. We evaluated our method at an organization already adopting inner source. As the results were inconclusive, we suggest further research on evaluating the method. This paper contains the ﬁrst method to determine the return on investment for inner source.
Keywords: Software engineering, open source, inner source, return on investement
PDFs: Master Thesis, Thesis Description
Reference: Sebastian Duda. A Method to Determine the Return on Investement of Inner Source. Bachelor Thesis, Friedrich-Alexander-Universität Erlangen-Nürnberg: 2017.
Abstract: Within the scope of industry 4.0 and digitalization, there is a growing danger of cyber crime and security attacks, causing huge harm for digital business. Therefore, in nowadays software development, IT-security is regarded as a quality criterion, determining the success of a product or project. Nevertheless, the complexity of security attacks, vulnerabilities and software development as a whole, complicates the reliable protection against and mitigation of security attacks.
To support software engineers to develop more secure software, this thesis shows the concept and presents a prototype of a software security rules methodology called Serum. Serum is designed to help software developers and all other project members in creating a more secure software. A domain-specific language was designed and integrated into a global knowledge management system (Sweble), to allow modeling and describing software assets, associated security attacks as well as known countermeasures. A second component, using the gathered security knowledge, was implemented, focusing on the support of software architects during the creation of a threat- and risk analysis. To facilitate the consideration of security even more a custom test- and dashboard system allows developers and test architects to monitor their contribution towards a more secure system.
The thesis should provide a basis for a holistic security support during all phases of the software development life cycle.
Keywords: IT-Security, threat analysis, DSL, Sweble, structured data
PDFs: Master Thesis
Reference: Florian Gerdes. Sweble Security Programming Plugin – Security Rules Engine. Master Thesis, Friedrich-Alexander-Universität Erlangen-Nürnberg: 2017.