Managing  risks  in  OSS  adop/on:  the  RISCOSS  approach  

Xavier  Franch,  GESSI  –  UPC  OW2Con’14  

Paris  (France),  6-­‐Nov-­‐2014  

Risks  and  OSS    !    Insufficient  risk  management  has  been  reported  as  one  of  the  topmost  mistakes  to  avoid  when  implemen/ng      OSS-­‐based  solu/ons  

!    Such  risks  can  be  manifold:  –  evalua/on,  integra/on,  context,  process,  quality  and  

evolu/on  

!    The  RISCOSS  project  aims  at  the  specifica/on  of  risk  iden/fica/on,  management  and  mi/ga/on  methods  in  OSS  adop8on  

RISCOSS  use  cases  Five  use  cases  in  public  and  private  sectors  

§  ERICSSON  (large  company)  

§  CENATIC  (public  administra/on)  

§  OW2  (large  community)  

§  XWiki  (medium  community  and  SME)  

§  Moodbile  (small  community  and  organiza/on)  

3-­‐layered  approach  to  risks  

Measurement  

Risk  analysis  

Goal  analysis  

Measures  

Business  goals  

Project   Comm-­‐unity  

Quan8ta8ve  Indicators  

Focus  groups  

Sta8s8cal  analysis  

Goal  analysis  

Scenario-­‐based  assessment  

Expert  

Contextual  Indicators  

Decision  maker  

The  RISCOSS  pla[orm  

Risk  data  collector

Risk  data  collector manager

Risk  data  repository manager

Business  analysis manager

Business  analysis engine

Risk  manager

Business  repor6ng  

tool

Risk  data

Business  manager

Business  data

Key  points  §  Risk  ontology  §  Flexible  data  model  

§  Mul/ple  data  sources  

§  OSS  adop/on  pa]erns  §  Risk  models  

§  Linking  to  business  

Ontology  of  risks  Actor

Goal

Task

Resource

Organisa6on  Element

Risk  Event

Risk

Business  Risk

impacts-­‐on

realised-­‐by

is-­‐a

is-­‐a

Risk  Indicator evaluates

Risk  Driver

aggrega6on-­‐of

OSS  measure

is-­‐a

Flexible  data  model  

Scope

Unit Product Process Project Component

OSS  Componen

t

OSS  Community

belongs-­‐to

sub

super

Mul/ple  data  sources  

Risk  data  

collector manage

r

Risk  data  collector

Risk  data  collector

Risk  data  collector

Risk  data  collector

OSS  adop/on  models  

Risk  models  

Linking  to  business  (i)  

Linking  to  business  (ii)  

Pu_ng  all  together  

Current  state  §  Emphasis  on  building  good  risk  models  

—  currently,  licensing  and  quality  factors  —  analysis  of  impact  on  business  goals  

§  Pla[orm  scenario:  adop/on  of  single  component  §  Future  steps  

—  composi/on  of  risk  models  

—  new  scenarios  

§  Struggling  to  open  asap!  

For  more  informa/on:  Xavier  Franch,  franch@essi.upc.edu  RISCOSS  project  coordinator  www.riscoss.eu  #RiscossProject