A Layered Approach to Managing Risks in OSS Projects
X. Franch , R. Kenett , F. Mancinelli , A. Susi , D. Ameller , R. Ben‐Jacob , A. Siena
OSS 2014 – San José, Costa Rica
Risks and OSSInsufficient risk management has been reported as one
of the topmost mistakes to avoid when implementing OSS‐based solutions
Such risks can be manifold:– evaluation, integration, context, process, quality and
evolution
Hypothesis of work
Understanding, managing and mitigating OSS adoption risks is crucial to avoid potentially significant adverse impact on business goals, in terms of e.g. time to market, customer satisfaction, revenue and brand image
The OSS project ecosystem
The risk ontology
A 3‐layer approach
Layer 1. Data collection
Layer 1. Scenario‐based assessment
Scenario 1 Scenario 2 Scenario N
15 21 …
3 3 …
15 23 …
mostlymorning
mostlynight
…
mostlyweekdays
mostlyweekdays
…
never sometimes …
? ? ?
Expert judgment
(Random) scenariosRisk drivers and value of the intervals of their distributions
Layer 2. Risk indicator computation
Project Timeliness
Weekday: Whenthe commit was
madeBug fix time
Bug fix time forcritical & blocker
level bugs
Month: When thecommit was made
Hour: When thecommit was made
Month day: Whenthe commit was
made
Timeliness Risk Drivers
Commit frequency/ week
Probabilistic, efficient:• Diagnosis• Prediction• Classification• Decision-making
Built using: GeNie-SIMILE
Project Timeliness
Outdated mobiletechnology
Business risks
Investment notreused
Distance learningbuggy
Studentsdissatisfied
Reputation schooldeclined
School objectsdistance learning
ActivenessTimeliness
Comunityactiviness
Comunitycohesion
Project riskindicators
Community riskindicators
Layer 2. Linking to business risks
Layer 3. Goal reasoning
The RISCOSS platform
Conclusions and ongoing workThe 3‐layer approach helps in separating concerns in
analysis of the impact of risks in business goals
Ongoing work– Improving the automation degree of the solution– Running use cases in the RISCOSS project (cf. COMPSAC 2014)– Building a catalogue of patterns representing OSS business
strategies– Connecting existing sensors / measurement instruments to
the RISCOSS platform