Your SlideShare is downloading. ×
Managing risks in OSS adoption: the RISCOSS approach, Xavier Franch, Universitat Politècnica de Catalunya
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Managing risks in OSS adoption: the RISCOSS approach, Xavier Franch, Universitat Politècnica de Catalunya

280
views

Published on

Inadequate risk management has been identified among the top mistakes to avoid when implementing OSS-based solutions. Understanding, managing and mitigating OSS adoption risks is therefore crucial to …

Inadequate risk management has been identified among the top mistakes to avoid when implementing OSS-based solutions. Understanding, managing and mitigating OSS adoption risks is therefore crucial to avoid potentially significant adverse impact on the business. We present RISCOSS, a forthcoming risk-aware decision-making platform integrating business and technical levels. RISCOSS maps collected data into risk indicators and then into business goals. The platform will be validated against a collection of use cases coming from different types of organizations

Published in: Technology, Business

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
280
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Managing risks in OSS adoption:  the RISCOSS approach Presenter: Xavier Franch, GESSI – UPC OW2Con’13 Paris (France), 14‐Nov‐2013
  • 2. Risks and OSS OSS is about freedom and choice – but freedom and choice introduces risks Insufficient risk management has been reported as one of  the five topmost mistakes to avoid when implementing  OSS‐based solutions (Gartner 2011) Such risks can be manifold: – evaluation, integration, context, process, quality and evolution
  • 3. Example scenario: TEI Producing regulatory products for the Ericsson Corporate For each product, TEI has always: – two different release versions (under maintenance mode) – a third one under development Moreover, the system is adapted to different customers – common parts and variant parts Every single version and variant contains 3PPs, mostly OSS – different releases, different patches, dependencies, … How to implement a systematic approach towards under‐ standing, representing and assessing all kinds of risk?
  • 4. Hypothesis of work Understanding, managing and mitigating OSS  adoption risks is crucial to avoid potentially  significant adverse impact on the business, in  terms of time to market, customer  satisfaction, revenue and brand image
  • 5. The RISCOSS project Specification of risk identification, management and  mitigation methods for community‐based and industry‐supported Open  Source Software (OSS) development, composition  and life cycle management  to individually, collectively and collaboratively manage  OSS adoption risks 
  • 6. The RISCOSS platform
  • 7. OSS Ecosystems OSSComponent OSS Adopter User-DOCUM Selection Integrate OSS component OSS Community RET Release Decide Test Tech-DOCUM Maintain Develop Integration Learn Decide Component evolves Support Maintain Test help Component evolves Technical quality help help help ACQ-Tech According to OSS practices Patch Contribute to OSS community Acceptance as contributor ReportBUG Res-BUG Comm-resBUG Support help ACQ-Man ReportBUG ReoprtPATCH Patch
  • 8. RISCOSS analytics
  • 9. Data collection
  • 10. Quantitative reasoning OSS component OSS Adopter OSS Commu nity Maintain software Layer of the Business / Strategic goal Actor impact Goal Resource Layer of the risks RIsk events Difficulty in code refinement expose expose indicator Risk driver Timeliness measure of bug fixing time few people on project Layer of risk drivers and risk indicators
  • 11. Qualitative assessment
  • 12. Qualitative assessment
  • 13. Social analysis
  • 14. Putting all the bricks together OSSComponent OSS Adopter User-DOCUM Selection Integrate OSS component OSS Community RET Release Decide Test Integration Tech-DOCUM Maintain Develop Learn Decide Maintain Test help Component evolves Support Component evolves Technical quality help help help ACQ-Tech According to OSS practices Patch Acceptance as contributor ReportBUG Res-BUG measure from OSS community IMPACT on Adopter IMPACT on COMMUNITY Contribute to OSS community Support help ACQ-Man ReportBUG Comm-resBUG ReoprtPATCH Patch impact Difficulty in code refinement expose measure of bug fixing time Long time in bug fixing expose few people on project 14
  • 15. RISCOSS use cases Five Use Cases in Public and Private sectors  ERICSSON (Company)  CENATIC (Institution)  OW2 (communities)  Xwiki (community and company)  Moodbile (community and company)
  • 16. Towards H2020 ICT 7. Innovation platforms for trusted cloud systems.  Development, adaptation and testing of open source  software for innovative and trusted cloud‐based services ICT 9. Software tools and methods for large, complex  and data‐intensive systems. Incorporating integrity,  robustness and reliability into evolving software systems  across the complete software lifecycle, especially for  complex and secure business‐critical systems
  • 17. For more information: Xavier Franch, franch@essi.upc.edu RISCOSS project coordinator

×