ow2con'14 - managing risks in oss adoption: the riscoss approach
DESCRIPTION
This presentation will report on the progresses of the RISCOSS methods and software. Supported by the FP7 program, RISCOSS develops a risk management-based methodology to facilitate the adoption of open source code into mainstream products and services. RISCOSS develops a method and a software platform that integrate the whole decision-making chain, from technology criteria to strategic concerns. Using advanced software engineering techniques and risk management methodologies, RISCOSS develops innovative tools and methods to identify, manage and mitigate risks of integrating third-party open source software. RISCOSS not only enables users to collect informed intelligence on open source components, but goes one step further by offering risk analysies that adapts to individual business situations. RISCOSS delivers a complete solution rather than a piecemeal approach to enable mainstream product developers to safely integrate open source software in their developments. Itself an open source project, RISCOSS is open to thirdparty contributions to help the platform grow in functionalities and make the transition to a fully marketable product or service.TRANSCRIPT
![Page 1: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/1.jpg)
Managing risks in OSS adop/on: the RISCOSS approach
Xavier Franch, GESSI – UPC OW2Con’14
Paris (France), 6-‐Nov-‐2014
![Page 2: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/2.jpg)
Risks and OSS ! Insufficient risk management has been reported as one of the topmost mistakes to avoid when implemen/ng OSS-‐based solu/ons
! Such risks can be manifold: – evalua/on, integra/on, context, process, quality and
evolu/on
! The RISCOSS project aims at the specifica/on of risk iden/fica/on, management and mi/ga/on methods in OSS adop8on
![Page 3: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/3.jpg)
RISCOSS use cases Five use cases in public and private sectors
§ ERICSSON (large company)
§ CENATIC (public administra/on)
§ OW2 (large community)
§ XWiki (medium community and SME)
§ Moodbile (small community and organiza/on)
![Page 4: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/4.jpg)
3-‐layered approach to risks
Measurement
Risk analysis
Goal analysis
Measures
Business goals
Project Comm-‐unity
Quan8ta8ve Indicators
Focus groups
Sta8s8cal analysis
Goal analysis
Scenario-‐based assessment
Expert
Contextual Indicators
Decision maker
![Page 5: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/5.jpg)
The RISCOSS pla[orm
Risk data collector
Risk data collector manager
Risk data repository manager
Business analysis manager
Business analysis engine
Risk manager
Business repor6ng
tool
Risk data
Business manager
Business data
![Page 6: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/6.jpg)
Key points § Risk ontology § Flexible data model
§ Mul/ple data sources
§ OSS adop/on pa]erns § Risk models
§ Linking to business
![Page 7: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/7.jpg)
Ontology of risks Actor
Goal
Task
Resource
Organisa6on Element
Risk Event
Risk
Business Risk
impacts-‐on
realised-‐by
is-‐a
is-‐a
Risk Indicator evaluates
Risk Driver
aggrega6on-‐of
OSS measure
is-‐a
![Page 8: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/8.jpg)
Flexible data model
Scope
Unit Product Process Project Component
OSS Componen
t
OSS Community
belongs-‐to
sub
super
![Page 9: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/9.jpg)
Mul/ple data sources
Risk data
collector manage
r
Risk data collector
Risk data collector
Risk data collector
Risk data collector
![Page 10: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/10.jpg)
OSS adop/on models
![Page 11: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/11.jpg)
Risk models
![Page 12: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/12.jpg)
Linking to business (i)
![Page 13: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/13.jpg)
Linking to business (ii)
![Page 14: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/14.jpg)
Pu_ng all together
![Page 15: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/15.jpg)
Current state § Emphasis on building good risk models
— currently, licensing and quality factors — analysis of impact on business goals
§ Pla[orm scenario: adop/on of single component § Future steps
— composi/on of risk models
— new scenarios
§ Struggling to open asap!
![Page 16: OW2con'14 - Managing risks in OSS adoption: the RISCOSS approach](https://reader034.vdocument.in/reader034/viewer/2022052601/558bcc82d8b42aab0b8b4595/html5/thumbnails/16.jpg)
For more informa/on: Xavier Franch, [email protected] RISCOSS project coordinator www.riscoss.eu #RiscossProject