A Complex Adaptive Systems Perspective of Software Reuse in the Digital Age: : An Agenda for IS Research
Pages 1728 - 1743
Abstract
Software is instrumental to the accelerated pace of digital innovation, and our ability to rapidly develop and deliver digital products and services is largely based on the reuse of existing software. In recent years, packaged software reuse has emerged as an important phenomenon driving the creation of new software, both proprietary and open source, as well as the emergence and evolution of entire software ecosystems. Arguing that our theoretical understanding of the nature and the magnitude of current packaged software reuse practice remains limited, our objective with this research commentary is twofold. First, we draw attention to the importance of packaged software reuse and its relevance as a promising phenomenon of interest for information systems (IS) researchers. Second, we mobilize the concept of generativity to conceptualize packaged software as a form of technological innovation that fosters large-scale (re)combination and propose complex adaptive systems (CAS) as a theoretical foundation to help us engage with the current nature of the phenomenon. Using key principles of CAS as the generative foundation for our conceptual scaffolding, we offer a research framework for packaged software reuse and develop an agenda for IS research organized across three main axes. For each axis, we outline relevant research themes and research questions leveraging the nature of software as objects constituted of other pieces of software developed and maintained by heterogeneous groups of software developers. Shedding light on the renewed role of software reuse, our work contributes to ongoing conversations on generativity and software ecosystems as well as the design of digital products and services.
History: Suprateek Sarker, Senior Editor; Ning Su, Associate Editor.
Supplemental Material: The online appendix is available at https://doi.org/10.1287/isre.2023.1200.
References
[1]
Abdalkareem R, Nourry O, Wehaibi S, Mujahid S (2017) Why do developers use trivial packages? An empirical case study on npm. Bodden E, Schäfer W, van Deursen A, Zisman A, eds. 11th Joint Meeting Foundations Software Engrg (Association for Computing Machinery, New York), 385–395.
[2]
Albert D, Kreutzer M, Lechner C (2015) Resolving the paradox of interdependency and strategic renewal in activity systems. Acad. Management Rev. 40(2):210–234.
[3]
Anderson P (1999) Perspective: Complexity theory and organization science. Organ. Sci. 10(3):216–232.
[4]
Armbrust M, Fox A, Griffith R, Joseph AD, Katz R, Konwinski A, Lee G, Patterson D, Rabkin A, Stoica I (2010) A view of cloud computing. Comm. ACM 53(4):50–58.
[5]
Axelrod R, Cohen MD (2000) Harnessing Complexity: Organizational Implications of a Scientific Frontier (Basic Books, New York).
[6]
Banker RD, Davis GB, Slaughter SA (1998) Software development practices, software complexity, and software maintenance performance: A field study. Management Sci. 44(4):433–450.
[7]
Banker RD, Kauffman RJ, Zweig D (1993) Repository evaluation of software reuse. IEEE Trans. Software Engrg. 19(4):379–389.
[8]
Bansal P, Kim A, Wood MO (2018) Hidden in plain sight: The importance of scale in organizations’ attention to issues. Acad. Management Rev. 43(2):217–241.
[9]
Barros-Justo JL, Olivieri DN, Pinciroli F (2019) An exploratory study of the standard reuse practice in a medium sized software development firm. Comput. Standards Interfaces 61:137–146.
[10]
Bauer V, Vetro A (2016) Comparing reuse practices in two large software-producing companies. J. Systems Software 117:545–582.
[11]
Benbya H, McKelvey B (2006) Toward a complexity theory of information systems development. Inform. Tech. People 19(1):12–34.
[12]
Benbya H, Nan N, Tanriverdi H, Yoo Y (2020) Complexity and information systems research in the emerging digital world. Management Inform. Systems Quart. 44(1):1–17.
[13]
Bennett K (1996) Software evolution: Past, present and future. Inform. Software Tech. 38(11):673–680.
[14]
Boehm B (1999) Managing software productivity and reuse. Comput. 32(9):111–113.
[15]
Bogart C, Kästner C, Herbsleb J (2015) When it breaks, it breaks: How ecosystem developers reason about the stability of dependencies. Menzies T, Ye Y, eds. IEEE/ACM Internat. Conf. Automated Software Engrg. Workshop, (IEEE Computer Society, Washington, DC), 86–89.
[16]
Bogart C, Kästner C, Herbsleb J, Thung F (2021) When and how to make breaking changes. ACM Trans. Software Engrg. Methodology 30(4):1–56.
[17]
Boisot M, McKelvey B (2010) Integrating modernist and postmodernist perspectives on organizations: A complexity science bridge. Acad. Management Rev. 35(3):415–433.
[18]
Boldi P, Gousios G (2021) Fine-grained network analysis for modern software ecosystems. ACM Trans. Internet Tech. 21(1):1–14.
[19]
Brown C (2022) The package analysis project: Scalable detection of malicious open source packages. Accessed May 1, 2022, https://security.googleblog.com/2022/04/the-package-analysis-project-scalable.html.
[20]
Carmichael T, Hadžikadić M (2019) The fundamentals of complex adaptive systems. Carmichael T, Collins AJ, Hadžikadić M, eds. Complex Adaptive Systems: Views from the Physical, Natural, and Social Sciences (Springer, Cham, Switzerland), 1–16.
[21]
Chengalur-Smith I, Sidorova A, Daniel S (2010) Sustainability of free/libre open source projects: A longitudinal study. J. Assoc. Inform. Systems 11(11).
[22]
Choi TY, Dooley KJ, Rungtusanatham M (2001) Supply networks and complex adaptive systems: Control versus emergence. J. Oper. Management 19(3):351–366.
[23]
Cimpanu C (2019) Developer takes down Ruby library after he finds out ICE was using it. Accessed September 20, 2019, https://www.zdnet.com/article/developer-takes-down-ruby-library-after-he-finds-out-ice-was-using-it/.
[24]
Cimpanu C (2020) More than 75% of all vulnerabilities reside in indirect dependencies. Accessed July 2, 2020, https://www.zdnet.com/article/more-than-75-of-all-vulnerabilities-reside-in-indirect-dependencies/.
[25]
Currie TC, Jackson J (2016) npm tightens unpublishing policy after the internet-disrupting Kik fracas. Accessed March 15, 2017, https://thenewstack.io/the-kik-kerfuffle/.
[26]
Decan A, Mens T, Grosjean P (2018) An empirical comparison of dependency network evolution in seven software packaging ecosystems. Empirical Software Engrg. (24):381–416.
[27]
de Lima Fontão A, dos Santos RP, Dias-Neto AC (2019) Exploiting repositories in mobile software ecosystems from a governance perspective. Inform. Systems Frontiers 21(1):143–161.
[28]
Dennis AR, Fuller RM, Valacich JS (2008) Media, tasks, and communication processes: A theory of media synchronicity. Management Inform. Systems Quart. 32(3):575–600.
[29]
Dooley KJ (1997) A complex adaptive systems model of organization change. Nonlinear Dynamics Psych. Life Sci. 1(1):69–97.
[30]
Durumeric Z, Kasten J, Adrian D, Halderman JA, Bailey M, Li F, Weaver N, Amann J, Beekman J, Payer M (2014) The matter of Heartbleed. Williamson C, Akella A, Taft N, eds. Proc. 2014 Conf. Internet Measurement (Association for Computing Machinery, New York), 475–488.
[31]
Feitosa D, Ampatzoglou A, Gkortzis A, Bibi S, Chatzigeorgiou A (2020) CODE reuse in practice: Benefiting or harming technical debt. J. Systems Software 167:110618.
[32]
Gaim M, Wåhlin N, Pina e Cunha M, Clegg S (2018) Analyzing competing demands in organizations: A systematic comparison. J. Organ. Design 7(1):1–16.
[33]
Ghanam Y, Maurer F, Abrahamsson P (2012) Making the leap to a software platform strategy: Issues and challenges. Inform. Software Tech. 54(9):968–984.
[34]
Goodin D (2021) Malicious npm packages are part of a malware “barrage” hitting repositories. Accessed December 10, 2021, https://arstechnica.com/information-technology/2021/12/malicious-packages-sneaked-into-npm-repository-stole-discord-tokens/.
[35]
Gupta A, Li JY, Conradi R, Ronneberg H, Landre E (2009) A case study comparing defect profiles of a reused framework and of applications reusing IT. Empirical Software Engrg. 14(2):227–255.
[36]
Haefliger S, Von Krogh G, Spaeth S (2008) Code reuse in open source software. Management Sci. 54(1):180–193.
[37]
Henry E, Faller B (1995) Large-scale industrial reuse to reduce cost and cycle time. IEEE Software 12(5):47–53.
[38]
Holland JH (1995) Hidden Order: How Adaptation Builds Complexity (Basic Books, New York).
[39]
Holland JH (2006) Studying complex adaptive systems. J. Systems Sci. Complexity 19:1–8.
[40]
Holmes R, Walker RJ (2013) Systematizing pragmatic software reuse. ACM Trans. Software Engrg. Methodology 21(4):1–44.
[41]
Hukal P, Henfridsson O, Shaikh M, Parker G (2020) Platform signaling for generating platform content. Management Inform. Systems Quart. 44(3):1177–1205.
[42]
Isoda S (1995) Experiences of software reuse project. J. Systems Software 30(3):171–186.
[43]
Jackson J (2019) To reduce technical debt, eliminate dependencies (and refactoring). Accessed April 2, 2019, https://thenewstack.io/to-reduce-tech-debt-eliminate-dependencies-and-refactoring/.
[44]
Jeyaraj A, Zadeh AH (2020) Evolution of information systems research: Insights from topic modeling. Inform. Management 57(4):103207.
[45]
Johnson N (2009) Simply Complexity: A Clear Guide to Complexity Theory (Oneworld Publications, Oxford, UK).
[46]
Jones R, Corner J (2012) Seeing the forest and the trees: A complex adaptive systems lens for mentoring. Human Relations 65(3):391–411.
[47]
Kagdi H, Collard ML, Maletic JI (2007) A survey and taxonomy of approaches for mining software repositories in the context of software evolution. J. Software Maintenance Evolution 19(2):77–131.
[48]
Kauffman SA (1993) The Origins of Order: Self-Organization and Selection in Evolution (Oxford University Press, New York).
[49]
Kim RM, Kaplan SM (2011) Toward a synthesis of complex adaptive systems and actor-network theory. Seltsikas P, Bunker D, Dawson L, Indulska M, eds. Australasian Conf. Inform. Systems (Association for Information Systems, Atlanta), 1–11.
[50]
Kim Y, Stohr EA (1998) Software reuse: Survey and research directions. J. Management Inform. Systems 14(4):113–147.
[51]
Kol M, Oberman S (2020) Ripple20: CVE-2020-11896 RCE, CVE-2020-11898 info leak. Report. Accessed July 30, 2020, https://www.jsof-tech.com/wp-content/uploads/2020/06/JSOF_Ripple20_Technical_Whitepaper_June20.pdf.
[52]
Kovacs E (2022) Spring4Shell: Spring flaws lead to confusion, concerns of new Log4Shell-like threat. Accessed April 2, 2022, https://www.securityweek.com/spring4shell-spring-flaws-lead-confusion-concerns-new-log4shell-threat.
[53]
Krueger CW (1992) Software reuse. ACM Comput. Surveys 24(2):131–183.
[54]
Ladyman J, Lambert J, Wiesner K (2013) What is a complex system? Eur. J. Philos. Sci. 3(1):33–67.
[55]
Langley A, Sloan P (2012) Organizational change and dialectic processes. Boje DM, Burnes B, Hassard J, eds. The Routledge Companion to Organizational Change (Routledge, New York).
[56]
Laurent AMS (2004) Understanding Open Source and Free Software Licensing (O’Reilly Media, Sebastopol, CA).
[57]
Levin SA (1998) Ecosystems and the biosphere as complex adaptive systems. Ecosystems (N. Y.) 1(5):431–436.
[58]
Lewis MW (2000) Exploring paradox: Toward a more comprehensive guide. Acad. Management Rev. 25(4):760–776.
[59]
Link GJ, Germonprez M (2016) Understanding open source communities as complex adaptive systems: A case of the R Project community. Americas Conf. Inform. Systems (Association for Information Systems, Atlanta), 1–10.
[60]
Mäkitalo N, Taivalsaari A, Kiviluoto A, Mikkonen T, Capilla R (2020) On opportunistic software reuse. Comput. 102:2385–2408.
[61]
McKelvey B (1997) Perspective: Quasi-natural organization science. Organ. Sci. 8(4):351–380.
[62]
Mens T, Demeyer S (2008) Introduction and roadmap: History and challenges of software evolution. Mens T, Demeyer S, eds. Software Evolution (Springer, Berlin), 1–11.
[63]
Mikkonen T, Taivalsaari A (2019) Software reuse in the era of opportunistic design. IEEE Software 36(3):105–111.
[64]
Mitleton-Kelly E (2003) Complex Systems and Evolutionary Perspectives on Organizations: The Application of Complexity Theory to Organizations (Elsevier Science, Oxford, UK).
[65]
The MITRE Corporation (2021a) CVE-2021-21315. Accessed April 3, 2021, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21315.
[66]
The MITRE Corporation (2021b) CVE-2021-44228. Accessed December 12, 2021, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228.
[67]
Morel B, Alexander P (2004) Automating component reuse and adaptation. IEEE Trans. Software Engrg. 30(9):587–600.
[68]
Morisio M, Ezran M, Tully C (2002) Success and failure factors in software reuse. IEEE Trans. Software Engrg. 28(4):340–357.
[69]
Muffatto M, Faldani M (2003) Open source as a complex adaptive system. Emergence 5(3):83–100.
[70]
Musser DR, Stepanov AA (1988) Generic programming. Gianni PM, ed. Internat. Sympos. Symbolic Algebraic Comput. (Springer-Verlag, Berlin), 13–25.
[71]
Nan N (2011) Capturing bottom-up information technology use processes: A complex adaptive systems model. Management Inform. Systems Quart. 35(2):505–532.
[72]
Nan N, Lu Y (2014) Harnessing the power of self-organization in an online community during organizational crisis. Management Inform. Systems Quart. 38(4):1135–1158.
[73]
Nan N, Tanriverdi H (2017) Unifying the role of IT in hyperturbulence and competitive advantage via a multilevel perspective of IS strategy. Management Inform. Systems Quart. 41(3):937–958.
[74]
Nan N, Zmud R, Yetgin E (2014) A complex adaptive systems perspective of innovation diffusion: an integrated theory and validated virtual laboratory. Comput. Math. Organ. Theory 20(1):52–88.
[75]
Neely K (2015) Complex adaptive systems as a valid framework for understanding community level development. Development Practice 25(6):785–797.
[76]
Negoita B, Vial G, Shaikh M, Labbe A (2019) Code forking and software development project sustainability: Evidence from GitHub. Krcmar H, Fedorowicz J, eds. Internat. Conf. Inform. Systems (Association for Information Systems, Atlanta), 1–17.
[77]
Newman S (2015) Building Microservices (O’Reilly Media, Sebastopol, CA).
[78]
Nickerson RC, Varshney U, Muntermann J (2013) A method for taxonomy development and its application in information systems. Eur. J. Inform. Systems 22(3):336–359.
[79]
Oberländer AM, Lösser B, Rau D (2019) Taxonomy research in information systems: A systematic assessment. Johannesson P, Ågerfalk P, Helms R, eds. Eur. Conf. Inform. Systems (Association for Information Systems, Atlanta), 1–17.
[80]
Oswick C, Fleming P, Hanlon G (2011) From borrowing to blending: Rethinking the processes of organizational theory building. Acad. Management Rev. 36(2):318–337.
[81]
Oxford Dictionaries (2016) Oxford dictionaries—Dictionary, thesaurus, & grammar. Accessed July 20, 2015, https://en.oxforddictionaries.com/.
[82]
Palyart M, Murphy GC, Masrani V (2018) A study of social interactions in open source component use. IEEE Trans. Software Engrg. 44(12):1132–1145.
[83]
Peterson R (2004) Crafting information technology governance. Inform. Systems Management 21(4):7–22.
[84]
Phelan SE (1999) A note on the correspondence between complexity and systems theory. Systemic Practice Action Res. 12(3):237–246.
[85]
Putnam LL, Fairhurst GT, Banghart S (2016) Contradictions, dialectics, and paradoxes in organizations: A constitutive approach. Acad. Management Ann. 10(1):65–171.
[86]
Ronacher A (2022) Dependency risk and funding. Accessed March 15, 2022, https://lucumr.pocoo.org/2022/1/10/dependency-risk-and-funding/.
[87]
Ryan A (2008) What is a systems approach? Nonlinear Sci. Adaptation Self-Organizing Systems 8(9):1–39.
[88]
Sangwan RS, Vercellone-Smith P, Laplante PA (2008) Structural epochs in the complexity of software over time. IEEE Software 25(4):66–73.
[89]
Seals T (2020) “Ripple20” bugs impact hundreds of millions of connected devices. Accessed June 15, 2020, https://threatpost.com/millions-connected-devices-ripple20-bugs/156599/.
[90]
Sherif K, Zmud RW, Browne GJ (2006) Managing peer-to-peer conflicts in disruptive information technology innovations: The case of software reuse. Management Inform. Systems Quart. 30(2):339–356.
[91]
Sidorova A, Evangelopoulos N, Valacich JS, Ramakrishnan T (2008) Uncovering the intellectual core of the information systems discipline. Management Inform. Systems Quart. 32(3):467–482.
[92]
Simon HA (1991) The architecture of complexity. Klir G, ed. Facets of Systems Science (Springer, New York), 457–476.
[93]
Singer L, Figueira Filho F, Storey M-A (2014) Software engineering at the speed of light: How developers stay current using Twitter. Jalote P, Briand L, van der Hoek A, eds. Proc. 36th Internat. Conf. Software Engrg. (Association for Computing Machinery, New York), 211–221.
[94]
Snyk Inc. (2020) The state of open source security report 2020. Accessed August 10, 2020, https://snyk.io/series/open-source-security/report-2020/.
[95]
Sojer M, Henkel J (2010) Code reuse in open source software development: Quantitative evidence, drivers, and impediments. J. Assoc. Inform. Systems 11(12):868–901.
[96]
Solomon H (2021) Canadian websites temporarily shut down as world scrambles to mitigate or patch Log4Shell vulnerability. Accessed December 14, 2021, https://www.itworldcanada.com/article/canadian-websites-temporarily-shut-down-as-world-scrambles-to-mitigate-or-patch-log4shell-vulnerability/468264.
[97]
Soto-Valero C, Harrand N, Monperrus M, Baudry B (2021) A comprehensive study of bloated dependencies in the Maven ecosystem. Empirical Software Engrg. 26(3):45.
[98]
Synopsys (2020) Synopsys study shows that ninety-one percent of commercial applications contain outdated or abandoned open source components. Accessed July 3, 2020, https://news.synopsys.com/2020-05-12-Synopsys-Study-Shows-that-Ninety-One-Percent-of-Commercial-Applications-Contain-Outdated-or-Abandoned-Open-Source-Components.
[99]
Tanriverdi H, Rai A, Venkatraman N (2010) Research commentary—Teframing the dominant quests of information systems strategy research for complex adaptive business systems. Inform. Systems Res. 21(4):822–834.
[100]
Tiwana A (2015) Evolutionary competition in platform ecosystems. Inform. Systems Res. 26(2):266–281.
[101]
Tiwana A, Konsynski B, Bush AA (2010) Research commentary—Platform evolution: Coevolution of platform architecture, governance, and environmental dynamics. Inform. Systems Res. 21(4):675–687.
[102]
Tung L (2022) Open-source security: It’s too easy to upload “devastating” malicious packages, warns Google. Accessed May 3, 2022, https://www.zdnet.com/article/open-source-security-its-too-easy-to-upload-devastating-malicious-packages-warns-google/.
[103]
Turner JR, Baker RM (2019) Complexity theory: An overview with potential applications for the social sciences. Systems 7(4):1–22.
[104]
Um S, Zhang B, Wattal S, Yoo Y (2022) Software components and product variety in a digital platform ecosystem: A dynamic network analysis of WordPress. Inform. Systems Res., ePub ahead of print November 18, https://doi.org/10.1287/isre.2022.1172.
[105]
Välimäki M (2005) The Rise of Open Source Licensing. A Challenge to the Use of Intellectual Property in the Software Industry (Department of Computer Science and Engineering, Aalto University, Helsinki, Finland).
[106]
Vessey I, Ward K (2013) The dynamics of sustainable IS alignment: The case for IS adaptivity. J. Assoc. Inform. Systems 14(6):283–311.
[107]
Vial G (2022) Manage the risks of software reuse. MIT Sloan Management Rev. 63(4).
[108]
Vidgen R, Wang X (2009) Coevolving systems and the organization of agile software development. Inform. Systems Res. 20(3):355–376.
[109]
Von Bertalanffy L (1972) The history and status of general systems theory. Acad. Management J. 15(4):407–426.
[110]
Waldrop MM (1993) Complexity: The Emerging Science at the Edge of Order and Chaos (Touchstone, New York).
[111]
Wareham J, Fox PB, Cano Giner JL (2014) Technology ecosystem governance. Organ. Sci. 25(4):1195–1215.
[112]
Yoo Y (2013) The tables have turned: How can the information systems field contribute to technology and innovation management research? J. Assoc. Inform. Systems 14(5):227–236.
[113]
Zerouali A, Mens T, Gonzalez‐Barahona J, Decan A, Constantinou E, Robles G (2019) A formal framework for measuring technical lag in component repositories—And its application to npm. J. Software 31(8):e2157.
[114]
Zimmermann T, Nagappan N (2008) Predicting defects using network analysis on dependency graphs. Schäfer W, Dwyer MB, Gruhn V, eds. Internat. Conf. Software Engrg. (Association for Computing Machinery, New York), 531–540.
[115]
Zittrain JL (2006) The generative internet. Harvard Law Rev. 119(7):1974–2040.
Recommendations
Software reuse
Software reuse is the process of creating software systems from existing software rather than building software systems from scratch. This simple yet powerful vision was introduced in 1968. Software reuse has, however, failed to become a standard ...
Code Reuse in Open Source Software
Code reuse is a form of knowledge reuse in software development that is fundamental to innovation in many fields. However, to date there has been no systematic investigation of code reuse in open source software projects. This study uses quantitative ...
Forty years of software reuse
Forty years of software reuseThis paper is an overview of software reuse, its origins, research areas and main historical contributions. Reuse as the process of using existing software artefacts and knowledge has more than 40-year long history, and is ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
Copyright © 2023, INFORMS.
Publisher
INFORMS
Linthicum, MD, United States
Publication History
Published: 01 December 2023
Accepted: 04 January 2023
Received: 26 September 2019
Author Tags
Qualifiers
- Research-article
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 0Total Downloads
- Downloads (Last 12 months)0
- Downloads (Last 6 weeks)0
Reflects downloads up to 13 Nov 2024
Other Metrics
Citations
View Options
View options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in