End-to-End Open-source Collaboration Guidance

Data Visualisation & Open Source Technology Working Group

Author

PHUSE Working Group

Abstract
This whitepaper provides guidance on the use of Open-Source Software (OSS), as well as on collaborating on and creating open-source projects used by data scientists in clinical reporting workflows.

Guidance scope and purpose

The primary aim of this collaboration is to provide guidance on how open source is relevant to PHUSE members, and to link out to further information on more generalisable topics to avoid duplication. In this guidance, R packages are referenced as an example OSS project that is a focal point today in clinical reporting, but the principles extend to other libraries in Python, Julia, JavaScript, and more. The following topics are covered in this whitepaper:

Using open source

  • Relevance of different licence types
  • Watchouts on governance models and assessing risk
  • Landscape of tools available for vulnerability detection, validation, qualification, risk and enforcing licence policies, with particular reference to R-specific tools

Releasing open source

  • A summary and recommendation of licence types, noting permissive vs copyleft licences and the ramifications on code built on top of your project
  • Relevance of licences present in dependencies, direct vs transitive dependencies, and the issues around compiling with dependencies that could occur in something like a public Shiny app
  • Landscape of places to place open-source projects and build collaborative communities
  • Pros/benefits and cons/risks for companies to open-source clinical reporting codebases
  • Governance models for open-source projects with reference to their use today across clinical reporting collaborations
  • Summary of contract types present where intellectual property and copyright are shared between companies
  • Tools available to understand the general health of projects, with specific reference to R extensions
  • Tools for releasing and maintaining projects, with particular reference to tools for R packages