a layered approach to risk management in oss projects - presented at oss 2014
DESCRIPTION
In this paper, we propose a layered approach to managing risks in OSS projects. We define three layers: the first one for defining risk drivers by collecting and summarising available data from different data sources, including human-provided contextual information; the second layer, for converting these risk drivers into risk indicators; the third layer for assessing how these indicators impact the business of the adopting organisation.TRANSCRIPT
![Page 1: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/1.jpg)
A Layered Approach to Managing Risks in OSS Projects
X. Franch , R. Kenett , F. Mancinelli , A. Susi , D. Ameller , R. Ben‐Jacob , A. Siena
OSS 2014 – San José, Costa Rica
![Page 2: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/2.jpg)
Risks and OSSInsufficient risk management has been reported as one
of the topmost mistakes to avoid when implementing OSS‐based solutions
Such risks can be manifold:– evaluation, integration, context, process, quality and
evolution
![Page 3: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/3.jpg)
Hypothesis of work
Understanding, managing and mitigating OSS adoption risks is crucial to avoid potentially significant adverse impact on business goals, in terms of e.g. time to market, customer satisfaction, revenue and brand image
![Page 4: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/4.jpg)
The OSS project ecosystem
![Page 5: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/5.jpg)
The risk ontology
![Page 6: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/6.jpg)
A 3‐layer approach
![Page 7: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/7.jpg)
Layer 1. Data collection
![Page 8: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/8.jpg)
Layer 1. Scenario‐based assessment
Scenario 1 Scenario 2 Scenario N
15 21 …
3 3 …
15 23 …
mostlymorning
mostlynight
…
mostlyweekdays
mostlyweekdays
…
never sometimes …
? ? ?
Expert judgment
(Random) scenariosRisk drivers and value of the intervals of their distributions
![Page 9: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/9.jpg)
Layer 2. Risk indicator computation
Project Timeliness
Weekday: Whenthe commit was
madeBug fix time
Bug fix time forcritical & blocker
level bugs
Month: When thecommit was made
Hour: When thecommit was made
Month day: Whenthe commit was
made
Timeliness Risk Drivers
Commit frequency/ week
Probabilistic, efficient:• Diagnosis• Prediction• Classification• Decision-making
Built using: GeNie-SIMILE
![Page 10: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/10.jpg)
Project Timeliness
Outdated mobiletechnology
Business risks
Investment notreused
Distance learningbuggy
Studentsdissatisfied
Reputation schooldeclined
School objectsdistance learning
ActivenessTimeliness
Comunityactiviness
Comunitycohesion
Project riskindicators
Community riskindicators
Layer 2. Linking to business risks
![Page 11: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/11.jpg)
Layer 3. Goal reasoning
![Page 12: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/12.jpg)
The RISCOSS platform
![Page 13: A layered approach to risk management in OSS projects - presented at OSS 2014](https://reader034.vdocuments.mx/reader034/viewer/2022042714/557cf973d8b42a071b8b4b14/html5/thumbnails/13.jpg)
Conclusions and ongoing workThe 3‐layer approach helps in separating concerns in
analysis of the impact of risks in business goals
Ongoing work– Improving the automation degree of the solution– Running use cases in the RISCOSS project (cf. COMPSAC 2014)– Building a catalogue of patterns representing OSS business
strategies– Connecting existing sensors / measurement instruments to
the RISCOSS platform