Case 3

Interviewee 2: Ambreen

Date: 28-Oct-20

Time: 2:00-2:50 PM

Mode: Face to Face

Interviewer: Before starting, please tell me about yourself.

Interviewee: Hello, my name is Ambreen and I am a research associate and a developer here
at National Cybercrimes and Forensics Lab.
Interviewer: Please share your email for correspondence?
Interviewee: ambreen.faisalh@gmail.com
Interviewer: What is your total work experience, and how long have you been working with
current organization?
Interviewee: My total work experience is 5 years but I have been working in this organization
for nearly two years on this same project. We have a role of research and development, so we
do research first in this project and then we develop or customize OSS. The role is solely of
research and pure development, where we need we only customize, for reference. Since
nature of work is research and development. When we do research, we study from book or
research paper so for code reference we see book or Open Source. So it’s about the need if
we are making an application or website, it was based on client requirement so research was
not part of it. Research is part of design when you design you do research. For client we have
proper requirements so we hardly customize. Small modules or components so we customize
in that case. However in research you are not bound, whenever we need any reference or help

Interviewer: Do you work with open-source projects?

Interviewee: This is my first time with an open-source project. We have researched in this
project and used open source. We design and develop and our requirements are not so strict,
the leverage of design is with us so we can go for OSS if we want. Since our project is an R
& D project, in case of a client led project the requirements are fixed and the option to
customize is little, however in case of an R & D options or leverage to customize more.
Interviewer: How many OSS projects you have participated in?
Interviewee: I have done four big projects like of 3-4 projects spanning 2-3 years and one
small one but those were not OSS. And I have not participated in any ERP project.
Interviewer: Are you a community contributor or only a user or issue manager? Do you
generally perform OSS customization or this is the first time?
Interviewee: No, I don’t because I don’t have time to maintain this work that’s why I don’t
contribute in a OSS community. and this is my first time on an OSS customization project.
Interviewer: Tell us something about the project.
Interviewee: We have modular requirements. We have different modules in a project. One
module is completely different from other modules. The overall project is forensics and all
branches are different modules. I can refer to books and if I find code in OSS I can refer to it.
I can also refer from research paper i.e. pseudo code, and see OSS. If we get OSS, we use it
after customizing, if it meets our requirements but if not, we build from scratch.
We have general requirements so we have flexibility in choosing. We see solutions, run them,
and see if they are working, we use them otherwise not. Sometimes we don’t find
anything so we don’t use make it from scratch.
Interviewer: What is this project starting and ending time?
Interviewee: Its July 2019, it’s a 2-year project and we have to give a beta version given in
March 2020.
Interviewer: How many team members are involved in this project?
The main team consists of total 5 teams, four developers, two junior, two senior, the project
manager and project lead, and, 10 supporting team members (junior researchers).
Interviewer: What motivated you to go for OSS customization?
Interviewee: First, we see solutions, we see if they can help us, we use otherwise we make
from scratch. it is a time savior where a lot of research is required to get started also it
provides insight on how to get started on a given problem even if not the whole
implementation.
Interviewer: Any other factors that influenced the decision?
Interviewee: If it is a well-commented code that helps in understanding how things are
working. Code available on open source is regularly improvised and updated, we only take
help, we don’t pick code and use it we only take help from it we don’t use it as such.
Interviewer: Does the organization’s policy support the customization of OSS?
Interviewee: Yes, it does.
Interviewer: Which platforms were used to search for OSS? Were platforms like GitHub or
Source Forge searched?
Interviewee: Most of the code is used from GitHub, and blogs for small OSS codes. GitHub
is the most widely used. If you search on Google, you get most from GitHub.
Interviewer: Which candidate OSS is identified?
Interviewee: Two or Three candidates identified from the list we got from Google or GitHub.
Sometimes it may be the case that we don’t find anything or sometimes only one option.
Sometimes if we find a code we find that it is not according to our requirement so we don’t
use it. Main thing is requirements whatever fulfills our requirement and of course efficiency
etc.
Interviewer: How did you prioritize the candidate OSS?
Interviewee:
Interviewer: Why the particular OSS was preferred over the others?
Interviewee:
Interviewer: Are the licensing requirements of the particular OSS considered during
selection?
Interviewee: Yes, we see that the OSS customized should be freeware. It should be available
for use.

Interviewer: What Software Development Lifecycle (SDLC) model is commonly followed in

the organization, and which one you follow for OSS customization?
Interviewee: Agile is mostly used and the Scrum practices in it.
Interviewer: If it is agile, are agile practices followed, and which ones are followed?
Interviewee: as I told in Agile practice, Scrum is followed.
Interviewer: What are the criteria for shortlisting the identified OSS? Is it familiarity with the
particular OSS, language or community support, etc.?
Interviewee: The criteria for shortlisting is the requirements, the one that is fulfilling our
requirements efficiently is chosen. First, we download and check, if it is okay, we customize
and use that code, and yes licensing requirements are also seen. We do not get integration
issues because of course first we customize that code according to our requirement then we
use it so it’s not like we are using the initial code as such. So when we are doing
customization the problems of integration are removed. Since code is customized and made
according to the code that we are writing.
Interviewer: How is the project is managed, kindly define the whole process in detail?
Interviewee: We work on modules and every member is responsible for his/her task
Interviewer: Tell us a little more about the selection of requirements, and the process of
requirement gathering and delivery. How requirements are discovered, analyzed, prioritized,
and specified. Please define in detail the whole process?
Interviewee: Requirements come to the developer team via the project manager. They are
flexible as we get general requirements, goals only and inner details are up to us. We get
flexible general requirements and we work further on it. We do our research for getting
requirements which includes research on the subject, available OSS and research on available
tools in the market.
Interviewer: How Software design and user interface design is made and who is involved in
these activities?
Interviewee: Developers, design, the requirements are modular so iteration by iteration cycle
is moving. Managers and developers are involved with software design.
Interviewer: How iterations are planned? Who does the prioritization of requirements?
Interviewee: Modular approach. The manager does the prioritization of requirements
according to the iterations.
Interviewer: Does anyone review the code, who writes unit testing, and is regression testing
done?
Interviewee: We review code ourselves of each other as you get other faults better. Unit
testing is also done by the developers (senior developers) and yes regression testing is done
after the integration of each module because that is when problems come.
Interviewer: How frequently code is merged and integrated into the main branch?
Interviewee: After every module. It depends on the size of the module; it can be one month or
a half-month module.
Interviewer: How frequently project is released to the customer? Or there will be one large
delivery to the customer at the end?
Interviewee: We have a release plan beforehand and we release accordingly.
Interviewer: How continuous testing is done?
Interviewee: It is done according to the plan.
Interviewer: Which roles are involved in the software development process?
Interviewee: A Project manager, Quality assurance, Developers, Testers, Designers, Analysts.

Currently we are developing testing and doing Quality assurance

Interviewer: What artifacts are made during the software development process? Are there any
other artifacts made and saved other than code?
Interviewee: Help Manual also we call it technical document, Code document, Prototype for
the team (give architectural view of the system) , and some planning documents about goals
and objectives.
Interviewer: What is the process of change and configuration management?
Interviewee: Change comes from the client; we discuss the changes and plan and integrate
them and improvise product. We plan release accordingly; we add improvements,
suggestions, or changes in the same release.
Interviewer: Are there any special roles, and artifacts related to change and configuration
management? What are the tools used for change and configuration management?
Interviewee: No special roles and artifacts are made however Bit bucket, Trello are used for
team assignment.
Interviewer: Can you summarize the whole process of OSS Customization?
Interviewee: I think I have answered all the previous questions stating this.
Interviewer: What are the challenges faced during customization? Are these customer or
technical-side challenges or challenges in the selection, customization, or delivery?
Interviewee: Redesigning of the open-source code, so technical challenges, and integration
issues. We study and see language issues, sometimes they are incomplete and published, we
identify loopholes, and sometimes error handling is not done. You add new things yourself.
Version of libraries used and platforms used are extensively updated and available code
doesn't support new versions
Interviewer: What type of challenges is more frequent?
Interviewee: Technical challenges as said earlier are more frequent
Interviewer: What type of challenges is more difficult to resolve?
Interviewee: Technical challenges are more difficult to resolve, also as a developer I am more
concerned and related to technical side challenges so can tell you about them.
Interviewer: What are the lessons learned/reflections from the previous customization of
OSS?
Interviewee: Overall review code. Beneficial if open source is available
Interviewer: What is that you will do differently if you perform the customization process
again? Anything you will do differently in the selection, customization, delivery, etc?
Interviewee: I think we will follow the same approach.
Interviewer: Any other reflections or experiences?
Interviewee: Working on OSS is a great source of learning, developers built upon solutions
created by other developers, and therefore the code is highly improvised.

Interviewer: How do you resolve the challenges? Explain a little about how you resolve
customer-side challenges and technical-side challenges?
Interviewee: We look for alternative approaches. We study and see, Language issues,
loopholes, and error handling not done. It’s only a prototype, incomplete and outdated, not
supporting new things so we add new things ourselves.