Guardrails for Growth: Governing Open-Source Software Risk in Healthtech Startups

Author

Tonya Humphrey, University of Missouri-St. LouisFollow

Document Type

Dissertation

Degree

Doctor of Business Administration

Major

Business Administration

Date of Defense

7-21-2025

Graduate Advisor

Dr. Dinesh Mirchandani

Committee

Dr. Joseph Rottman

Dr. Shaji Khan

Abstract

This dissertation investigates how healthcare software startups manage the risks associated with open-source software (OSS) use. Using a qualitative multi-site case study approach and thematic analysis, the study draws insights from interviews with developers, security professionals, and technology leaders in early-stage healthtech companies. Six key themes emerged: Strategic Governance and Oversight, Security and Compliance Practices, Operational Foundations and Standards, Risk Awareness and Technical Due Diligence, Technology Choices and Ecosystem Tools, and People and Culture. The findings reveal that, even in resource-constrained environments, effective OSS risk management is possible through lightweight governance, automation, and shared cultural responsibility. Practical implications include guidance for embedding security into engineering workflows, establishing scalable compliance practices, and fostering OSS literacy across roles. These insights culminate in a practitioner-focused playbook that translates the study’s findings into actionable tools for startup teams. The research contributes to the emerging literature on OSS governance in lean technology organizations and healthcare software ecosystems.

Recommended Citation

Humphrey, Tonya, "Guardrails for Growth: Governing Open-Source Software Risk in Healthtech Startups" (2025). Dissertations. 1530.
https://irl.umsl.edu/dissertation/1530