![Page 1: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/1.jpg)
Using i* to Represent OSS Ecosystems for Risk
Assessment Claudia Ayala, Xavier Franch, Lidia
López, Mirko Morandini, Angelo Susi
![Page 2: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/2.jpg)
2
i* for Risk Assess. in OSS Ecosystems
Content
• Motivation
• Research Objectives
• Scientific Contributions
• Conclusions, Ongoing & Future Work
![Page 3: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/3.jpg)
3
i* for Risk Assess. in OSS Ecosystems
MOTIVATIONS
![Page 4: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/4.jpg)
4
i* for Risk Assess. in OSS Ecosystems
Motivation• OSS Strategic asset
Short-time to market Reduced development & maintenance cost …
• OSS Integration involves risks RISCOSS will provide some risk management
strategies for risk identification & mitigation• OSS Project composed by multiple “Actors”
RISCOSS wants to explore the Strategic Rationale behind the OSS Ecosystem
![Page 5: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/5.jpg)
5
i* for Risk Assess. in OSS Ecosystems
RISCOSS ProjectSpecification of risk identification, management
and mitigation methods
community-based and industry-supported Open Source Software (OSS) development,
composition and life cycle management
individually, collectively and collaboratively manage OSS adoption risks
for
to
![Page 6: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/6.jpg)
6
i* for Risk Assess. in OSS Ecosystems
RESEARCH OBJECTIVES
![Page 7: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/7.jpg)
7
i* for Risk Assess. in OSS Ecosystems
Research Objectives• COTS Adoption Processes: Well-defined
Guidelines for risk analysis, cost estimation & contract agreement
• OSS Adoption Process: Missing • OSS Community:
+1 business goal No service Agreement No “formal” roadmap Risks: lack of roadmap and ownership, unclear
responsibility and response time (bugs),…
![Page 8: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/8.jpg)
8
i* for Risk Assess. in OSS Ecosystems
One RISCOSS Main Objective• O1: Support Risk Assessment for OSS adoption
using i* framework … Understanding the OSS Ecosystem Evaluating risks
• Lack of ownership: strategic dependencies?• Lack of roadmap: community structure?
• … providing … Guidelines Measures
• … to support the decision process
![Page 9: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/9.jpg)
9
i* for Risk Assess. in OSS Ecosystems
SCIENTIFIC CONTRIBUTIONS
![Page 10: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/10.jpg)
10
i* for Risk Assess. in OSS Ecosystems
Scientific Contributions
• Ecosystem Patterns
• Levels of abstraction
• Guidelines for specification models &
repositories
• New modelling concepts
![Page 11: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/11.jpg)
11
i* for Risk Assess. in OSS Ecosystems
Ecosystem Patterns• Role: Producer, Consumer, Community• Setting: Industrial, Academia, Public
Administration• Business Strategy: from OSS collaboration to
exploitation• Business Process: adoption, migration,
consolidation, improvement
![Page 12: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/12.jpg)
12
i* for Risk Assess. in OSS Ecosystems
Level of Abstraction• Different level of detail (class/instance)
E.g. Instances for identifying heroes • 3 i* Diagrams
SA: OSS Ecosystem actor relationships SD: OSS Ecosystem actors dependencies SR: OSS Ecosystem actor & dependencies rationale
![Page 13: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/13.jpg)
13
i* for Risk Assess. in OSS Ecosystems
XWiki.org SA Diagram
![Page 14: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/14.jpg)
14
i* for Risk Assess. in OSS Ecosystems
XWiki.org SD Diagram
![Page 15: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/15.jpg)
15
i* for Risk Assess. in OSS Ecosystems
XWiki.org SR Diagram
![Page 16: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/16.jpg)
16
i* for Risk Assess. in OSS Ecosystems
Guidelines & Repository• RiSD Adaptation• Need to define
General guidelines for SR Specific guidelines related to OSS Ecosystems
Who is the “responsible” for the roadmap? How “companies” influences the community?
• Repository for OSS models For analysts to get project overview and identify
risks
![Page 17: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/17.jpg)
17
i* for Risk Assess. in OSS Ecosystems
New Modelling Concepts• Risk-related constructs
Risk, event, …• For dependencies:
No delegations/responsibilities, but “expectations”?
No duties, but “social norms”?
Available i* risk modelling approaches
![Page 18: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/18.jpg)
18
i* for Risk Assess. in OSS Ecosystems
CONCLUSIONS & FUTURE WORK
![Page 19: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/19.jpg)
19
i* for Risk Assess. in OSS Ecosystems
Conclusions• RISCOSS objective: Support decision making
related to the risk assessment in OSS adoption• i* for OSS Ecosystem models• Scientific Contributions
Ecosystem Patterns: Role, Setting, Business Strategy & Business Process
Levels of abstraction & SA Diagrams Guidelines for specification models & repositories New modelling concepts
![Page 20: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/20.jpg)
20
i* for Risk Assess. in OSS Ecosystems
Ongoing & Future Work• We …
Modeled RISCOSS 5 use cases (i*) Are analyzing these models in order to …
• Identifying potential patterns• Identify potential new modelling concepts
• Furthermore, we are … SLRs: OSS Ontologies, OSS Ecosystems & OSS Risks
• In order to… Define an ontology linked to the i* elements (UFO) Identifying risks, metrics & mitigation activities
![Page 22: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/22.jpg)
22
i* for Risk Assess. in OSS Ecosystems
i* Mapping
RISCOSS Ontology concepts i* Construct
Activity and all the Activity types Task
Actor and all the Actor types Actor
Community Actor
Resources and all the Resource types Resource
Role and all the Role types Actor
Property has-actor is-part-of link
Generalization/specialization hierarchies is-a link
![Page 23: iStar 2013: Using i* to Represent OSS Ecosystems for Risk Assessment](https://reader034.vdocument.in/reader034/viewer/2022052621/557cf933d8b42a98158b4b5b/html5/thumbnails/23.jpg)
23
i* for Risk Assess. in OSS Ecosystems
RiSD for OSS Ecosystem RiSD RiSD for EcosystemsPhase II
Activity II.1 Identifying departing actors … including OSS Adopter and/or OSS Project as an actor
Activity II.2 Establish goal dependencies among actors
Activity II.3 Classify and rename dependumsActivity II.4 Check for new actors and
dependencies… no related to actor inside the OSS Adopter and/or OSS Project
Phase III
Activity III.1 Include Software System No ApplyActivity III.2 Identify subsystems (is-part-of
link)Identify OSS Adopter’s and/or OSS
Project’s actors (is-part-of link)
Activity III.3 Refine software system dependencies
Refine OSS Adopter and/or OSS Project’s actors dependencies
Activity III.4 Identify subsystems dependencies
Identify Adoper and/or OSS Project`s actors dependencies
Activity III.5 Classify and rename dependums
Activity III.6 Check for new actors and dependencies
… specializations and aggregations)