ow2con'14 - managing risks in oss adoption: the riscoss approach
DESCRIPTION
This presentation will report on the progress of the RISCOSS methods and software. Supported by the FP7 program, RISCOSS develops a risk management-based methodology to facilitate the adoption of open source code into mainstream products and services. RISCOSS develops a method and a software platform that integrate the whole decision-making chain, from technology criteria to strategic concerns. Using advanced software engineering techniques and risk management methodologies, RISCOSS develops innovative tools and methods to identify, manage and mitigate risks of integrating third-party open source software. RISCOSS not only enables users to collect informed intelligence on open source components, but goes one step further by offering risk analyses that adapt to individual business situations. RISCOSS delivers a complete solution rather than a piecemeal approach to enable mainstream product developers to safely integrate open source software in their developments. Itself an open source project, RISCOSS is open to third-party contributions to help the platform grow in functionalities and make the transition to a fully marketable product or service.
TRANSCRIPT
Managing risks in OSS adoption: the RISCOSS approach
Xavier Franch, GESSI – UPC OW2Con’14
Paris (France), 6-Nov-2014
Risks and OSS
§ Insufficient risk management has been reported as one of the topmost mistakes to avoid when implementing OSS-based solutions
§ Such risks can be manifold:
– evaluation, integration, context, process, quality and evolution
§ The RISCOSS project aims at the specification of risk identification, management and mitigation methods in OSS adoption
RISCOSS use cases
Five use cases in public and private sectors
§ ERICSSON (large company)
§ CENATIC (public administration)
§ OW2 (large community)
§ XWiki (medium community and SME)
§ Moodbile (small community and organization)
3-layered approach to risks
[Diagram labels: Measurement, Risk analysis, Goal analysis, Measures, Business goals, Project, Community, Quantitative Indicators, Contextual Indicators, Focus groups, Statistical analysis, Scenario-based assessment, Expert, Decision maker]
The RISCOSS platform
[Diagram labels: Risk data collector, Risk data collector manager, Risk data repository manager, Business analysis manager, Business analysis engine, Risk manager, Business reporting tool, Risk data, Business manager, Business data]
Key points
§ Risk ontology
§ Flexible data model
§ Multiple data sources
§ OSS adoption patterns
§ Risk models
§ Linking to business
Ontology of risks
[Diagram: concepts Actor, Goal, Task, Resource, Organisation Element, Risk Event, Risk, Business Risk, Risk Indicator, Risk Driver, OSS measure; relations impacts-on, realised-by, is-a, evaluates, aggregation-of]
Flexible data model
[Diagram: entities Scope, Unit, Product, Process, Project, Component, OSS Component, OSS Community; relations belongs-to, sub, super]
Multiple data sources
[Diagram: one Risk data collector manager and four Risk data collectors]
OSS adoption models
Risk models
Linking to business (i)
Linking to business (ii)
Putting all together
Current state
§ Emphasis on building good risk models
— currently, licensing and quality factors
— analysis of impact on business goals
§ Platform scenario: adoption of single component
§ Future steps
— composition of risk models
— new scenarios
§ Struggling to open asap!
For more information: Xavier Franch, [email protected]
RISCOSS project coordinator
www.riscoss.eu
#RiscossProject