managing risks in open source software adoption: the riscoss approach, ow2con'14, paris
TRANSCRIPT
Managing risks in OSS adop/on: the RISCOSS approach
Xavier Franch, GESSI – UPC OW2Con’14
Paris (France), 6-‐Nov-‐2014
Risks and OSS ! Insufficient risk management has been reported as one of the topmost mistakes to avoid when implemen/ng OSS-‐based solu/ons
! Such risks can be manifold: – evalua/on, integra/on, context, process, quality and
evolu/on
! The RISCOSS project aims at the specifica/on of risk iden/fica/on, management and mi/ga/on methods in OSS adop8on
RISCOSS use cases Five use cases in public and private sectors
§ ERICSSON (large company)
§ CENATIC (public administra/on)
§ OW2 (large community)
§ XWiki (medium community and SME)
§ Moodbile (small community and organiza/on)
3-‐layered approach to risks
Measurement
Risk analysis
Goal analysis
Measures
Business goals
Project Comm-‐unity
Quan8ta8ve Indicators
Focus groups
Sta8s8cal analysis
Goal analysis
Scenario-‐based assessment
Expert
Contextual Indicators
Decision maker
The RISCOSS pla[orm
Risk data collector
Risk data collector manager
Risk data repository manager
Business analysis manager
Business analysis engine
Risk manager
Business repor6ng
tool
Risk data
Business manager
Business data
Key points § Risk ontology § Flexible data model
§ Mul/ple data sources
§ OSS adop/on pa]erns § Risk models
§ Linking to business
Ontology of risks Actor
Goal
Task
Resource
Organisa6on Element
Risk Event
Risk
Business Risk
impacts-‐on
realised-‐by
is-‐a
is-‐a
Risk Indicator evaluates
Risk Driver
aggrega6on-‐of
OSS measure
is-‐a
Flexible data model
Scope
Unit Product Process Project Component
OSS Componen
t
OSS Community
belongs-‐to
sub
super
Mul/ple data sources
Risk data
collector manage
r
Risk data collector
Risk data collector
Risk data collector
Risk data collector
OSS adop/on models
Risk models
Linking to business (i)
Linking to business (ii)
Pu_ng all together
Current state § Emphasis on building good risk models
— currently, licensing and quality factors — analysis of impact on business goals
§ Pla[orm scenario: adop/on of single component § Future steps
— composi/on of risk models
— new scenarios
§ Struggling to open asap!
For more informa/on: Xavier Franch, [email protected] RISCOSS project coordinator www.riscoss.eu #RiscossProject