managing risks in open source software adoption: the riscoss approach, ow2con'14, paris
TRANSCRIPT
![Page 1: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/1.jpg)
Managing risks in OSS adop/on: the RISCOSS approach
Xavier Franch, GESSI – UPC OW2Con’14
Paris (France), 6-‐Nov-‐2014
![Page 2: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/2.jpg)
Risks and OSS ! Insufficient risk management has been reported as one of the topmost mistakes to avoid when implemen/ng OSS-‐based solu/ons
! Such risks can be manifold: – evalua/on, integra/on, context, process, quality and
evolu/on
! The RISCOSS project aims at the specifica/on of risk iden/fica/on, management and mi/ga/on methods in OSS adop8on
![Page 3: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/3.jpg)
RISCOSS use cases Five use cases in public and private sectors
§ ERICSSON (large company)
§ CENATIC (public administra/on)
§ OW2 (large community)
§ XWiki (medium community and SME)
§ Moodbile (small community and organiza/on)
![Page 4: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/4.jpg)
3-‐layered approach to risks
Measurement
Risk analysis
Goal analysis
Measures
Business goals
Project Comm-‐unity
Quan8ta8ve Indicators
Focus groups
Sta8s8cal analysis
Goal analysis
Scenario-‐based assessment
Expert
Contextual Indicators
Decision maker
![Page 5: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/5.jpg)
The RISCOSS pla[orm
Risk data collector
Risk data collector manager
Risk data repository manager
Business analysis manager
Business analysis engine
Risk manager
Business repor6ng
tool
Risk data
Business manager
Business data
![Page 6: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/6.jpg)
Key points § Risk ontology § Flexible data model
§ Mul/ple data sources
§ OSS adop/on pa]erns § Risk models
§ Linking to business
![Page 7: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/7.jpg)
Ontology of risks Actor
Goal
Task
Resource
Organisa6on Element
Risk Event
Risk
Business Risk
impacts-‐on
realised-‐by
is-‐a
is-‐a
Risk Indicator evaluates
Risk Driver
aggrega6on-‐of
OSS measure
is-‐a
![Page 8: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/8.jpg)
Flexible data model
Scope
Unit Product Process Project Component
OSS Componen
t
OSS Community
belongs-‐to
sub
super
![Page 9: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/9.jpg)
Mul/ple data sources
Risk data
collector manage
r
Risk data collector
Risk data collector
Risk data collector
Risk data collector
![Page 10: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/10.jpg)
OSS adop/on models
![Page 11: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/11.jpg)
Risk models
![Page 12: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/12.jpg)
Linking to business (i)
![Page 13: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/13.jpg)
Linking to business (ii)
![Page 14: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/14.jpg)
Pu_ng all together
![Page 15: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/15.jpg)
Current state § Emphasis on building good risk models
— currently, licensing and quality factors — analysis of impact on business goals
§ Pla[orm scenario: adop/on of single component § Future steps
— composi/on of risk models
— new scenarios
§ Struggling to open asap!
![Page 16: Managing Risks in Open Source Software adoption: the RISCOSS Approach, OW2con'14, Paris](https://reader031.vdocuments.mx/reader031/viewer/2022030309/58f1db371a28abda4b8b461b/html5/thumbnails/16.jpg)
For more informa/on: Xavier Franch, [email protected] RISCOSS project coordinator www.riscoss.eu #RiscossProject