A threat-rigidity analysis of the Apache Software Foundation's response to reported server security issues
Author(s)
Shapira, Yoav
Other Contributors
System Design and Management Program.
Advisor
Eric A. von Hippel.
Abstract
There exists a broad body of literature documenting organizational responses to competitive threats, including those responses which fit into the threat-rigidity hypothesis. The purpose of this thesis is to investigate how a novel organizational form, the open-source software development community known as the Apache Software Foundation, responds to a specific type of threat: security issues reported to exist in its software products. An analysis of publicly available data from the Apache Software Foundation is conducted, the security issue handling process is described in detail, and an analysis of security issue origin, severity, and resolution is provided. Special attention is given to communication along the issue resolution process, as the threat-rigidity hypothesis predicts a reduction in the flow of information across the organization. The results show that this organization defies some central predictions of the hypothesis: there is little reduction in information flow, little or no centralization in decision-making, and no loss of group-level focus. The research results are framed within the literature of user-led innovation and organizational behavior. The implications for traditional software development organizations are discussed, and recommendations for further research are provided.
Description
Thesis (S.M.)--Massachusetts Institute of Technology, System Design and Management Program, 2006. Page 141 blank. Includes bibliographical references (p. 84-87).
Date issued
2006
Department
System Design and Management Program.
Publisher
Massachusetts Institute of Technology
Keywords
System Design and Management Program.