Embed Size (px)
Citation preview
Managing risks in OSS adoption: the RISCOSS approach
Presenter: Xavier Franch, GESSI – UPCOW2Con’13
Paris (France), 14‐Nov‐2013
Risks and OSSOSS is about freedom and choice– but freedom and choice introduces risks
Insufficient risk management has been reported as one of the five topmost mistakes to avoid when implementing OSS‐based solutions (Gartner 2011)
Such risks can be manifold:– evaluation, integration, context, process, quality and evolution
Example scenario: TEIProducing regulatory products for the Ericsson CorporateFor each product, TEI has always:– two different release versions (under maintenance mode)– a third one under development
Moreover, the system is adapted to different customers– common parts and variant parts
Every single version and variant contains 3PPs, mostly OSS– different releases, different patches, dependencies, …
How to implement a systematic approach towards under‐standing, representing and assessing all kinds of risk?
Hypothesis of work
Understanding, managing and mitigating OSS adoption risks is crucial to avoid potentially significant adverse impact on the business, in
terms of time to market, customer satisfaction, revenue and brand image
The RISCOSS projectSpecification of risk identification, management and
mitigation methods
community‐based and industry‐supported Open Source Software (OSS) development, composition
and life cycle management
individually, collectively and collaboratively manage OSS adoption risks
for
to
The RISCOSS platform
OSS Ecosystems
OSS Adopter
OSS Community
Release
Test
Develop
Maintain
Support
ReportBUG
Patch
Decide
Integrate OSS component
Selection
Test
RET
Maintain
Decide
Contribute to OSS community
ReportBUG
PatchReoprtPATCH
Support
Technical quality
Learn
ACQ-Tech
help
help
ACQ-Man
According to OSS practices
help
Component evolves
helphelp
Integration
OSS-Component
User-DOCUM
Tech-DOCUM
Res-BUG
Comm-res-BUG
Component evolves
Acceptance as
contributor
RISCOSS analytics
Data collection
Timeliness
Difficulty in code refinement
few people on project
expose expose
measure of bug fixing time
impact
Maintain software
OSS Adopter
OSS Commu
nity
OSS component
Layer of the Business / Strategic goal
Layer of the risks
Layer of risk drivers and risk indicators
Actor
Goal
Resource
RIsk events
indicator
Risk driver
Quantitative reasoning
Qualitative assessment
Qualitative assessment
Social analysis
OSS Adopter
OSS Community
Release
Test
Develop
Maintain
Support
ReportBUG
Patch
Decide
Integrate OSS component
Selection
Test
RET
Maintain
Decide
Contribute to OSS community
ReportBUG
PatchReoprtPATCH
Support
Technical quality
Learn
ACQ-Tech
help
help
ACQ-Man
According to OSS practices
help
Component evolves
helphelp
Integration
OSS-Component
User-DOCUM
Tech-DOCUM
Res-BUG
Comm-res-BUG
Component evolves
Acceptance as
contributor
Long time in bug fixing
Difficulty in code refinement
few people on project
expose expose
impact
measure from OSS community
IMPACT on COMMUNITY
IMPACT on
Adopter
measure of bug fixing time 14
Putting all the bricks together
RISCOSS use casesFive Use Cases in Public and Private sectors
ERICSSON (Company)
CENATIC (Institution)
OW2 (communities)
Xwiki (community and company)
Moodbile (community and company)
ICT 7. Innovation platforms for trusted cloud systems. Development, adaptation and testing of open source software for innovative and trusted cloud‐based services
ICT 9. Software tools and methods for large, complex and data‐intensive systems. Incorporating integrity, robustness and reliability into evolving software systems across the complete software lifecycle, especially for complex and secure business‐critical systems
Towards H2020
For more information:Xavier Franch, [email protected] project coordinator
