The document presents a model-based approach to align business goals and risks in open source software (OSS) adoption. It introduces a 3-layer approach to gather data on OSS projects and communities, identify risk indicators, and perform business analysis. It proposes integrating goal models and risk models using a foundational ontology to relate their concepts. The document demonstrates aligning an example business goal model with a risk model and analyzing how identified risks could impact business goals. Future work is outlined to refine the alignment process and further validate the approach.

1. Dolors Costal, Lidia López, Mirko Morandini,
Alberto Siena, Maria Carmela Annosi, Daniel
Gross, Lucía Méndez, Xavier Franch, Angelo Susi
Aligning Business Goals and Risks in
OSS Adoption

2. Agenda
 Motivation
 How to integrate Goal and Risk Models
 Example: Risk Analysis
 Conclusions and Future Work
2
Applying Business Strategy Models in Organizations.
ER 2014, 27-29th October 2014

3. Motivation: RISCOSS EU Project
3
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
Assess the decision-makers to identify,
manage and mitigate risks inherent to
the OSS adoption

4. 3-layer Approach
4
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
Software and Business Models
Raw Data
OSS Project
Indicators
OSS Community
Indicators
Context
Indicators
Layer 3
Business Analysis
Layer 2
Risk Indicators
Layer 1
Data Gathering
Context
OSS Project OSS Communities
Risk
Manager

5. Model-based Approach
5
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
expose
indicate
impact
Business
& Strategic
Goals
Risks
&
Indicators
Data Gathering
i*
RiskML
Reduced
quality
Low code
stability
Low
testability
Test coverage

6. 6
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
The Problem
#Commits/Month #Posts/Day
Low Activity
Low release
frecuency

7. Connecting Risks to Business Goals
 RQ1 What is the conceptual relationship between
OSS adoption risks and the adopter organization
business goals?
– RQ1.1: How to integrate risk and goal-oriented modelling
approaches?
– RQ1.2: How to integrate risk and goal-oriented models (at
instance level)?
 RQ2 How do OSS adoption risks affect the adopter
organization business goals?
Researh Ojective
7
Applying Business Strategy Models in Organizations.
i* Workshop, 15-16 June 2014.

8. RISKS & GOAL-ORIENTED
INTEGRATED META-MODEL
RQ1.1: How to integrate risk and goal-oriented modelling?

9. Conceptual Relationship?
9
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015

10. Using UFO for…
10
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
i*
RiskML
UFO
UFO
Overlapping
Concepts

11. Overlaping Concepts
11
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
UFO-i*: Guizzardi, R.S.S, Franch, X., Guizzardi, G.: Applying a foundational
ontology to analyze means-end links in the i* framework. RCIS 2012: 1-11
i* concepts RiskML concepts
Goal SoftGoal
UFO
concepts Goal
related to sets of
intended states of
affairs of an agent
Goal with no clear-cut
satisfaction criteria
Actor
intention

12. Overlaping Concepts
12
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
UFO-i*: Guizzardi, R.S.S, Franch, X., Guizzardi, G.: Applying a foundational
ontology to analyze means-end links in the i* framework. RCIS 2012: 1-11
i* concepts RiskML concepts
Goal TaskSoftGoal
UFO
concepts Goal Event Universal
ActionUniversal
specific way of doing
something [for
achieving a goal]
intentional event
performed by agents
with the purpose of
achieving goals

13. Overlaping Concepts
13
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
UFO-i*: Guizzardi, R.S.S, Franch, X., Guizzardi, G.: Applying a foundational
ontology to analyze means-end links in the i* framework. RCIS 2012: 1-11
i* concepts
Goal
RiskML concepts
Goal TaskSoftGoal
UFO
concepts Goal Event Universal
ActionUniversal
related to sets of
intended states of
affairs of an agent
of interest for a
stakeholder to
obtain or
maintain

14. Overlaping Concepts
14
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
UFO-i*: Guizzardi, R.S.S, Franch, X., Guizzardi, G.: Applying a foundational
ontology to analyze means-end links in the i* framework. RCIS 2012: 1-11
i* concepts
Goal Event
RiskML concepts
Goal TaskSoftGoal
UFO
concepts Goal Event Universal
ActionUniversal
changes in
states of affairs
[exposed by
situations]
entities that occur in
time [triggered by
certain sitations]

15. Overlaping Concepts
15
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
UFO-i*: Guizzardi, R.S.S, Franch, X., Guizzardi, G.: Applying a foundational
ontology to analyze means-end links in the i* framework. RCIS 2012: 1-11
i* concepts
Goal Event
RiskML concepts
Goal TaskSoftGoal
UFO
concepts Goal Event Universal
ActionUniversal
i* RiskML
Event

16. Impact Relationship?
16
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
impact

17. Impact Relationship?
17
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
impact
Underlyging goals to perform tasks
and having resource

18. Impact Relationship?
18
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
Intentional
Element

19. Integrated Metamodel
19
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015

20. INTEGRATING RISKS & GOALS
MODELS
RQ1.2: How to integrate risk and goal-oriented models (at instance level)?

21. TEI Business Model (i*)
21
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015

22. Maintenance Risk Model (RiskML)
22
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015

23. Aligning Method – Equivalence
23
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015

24. Aligning Method – Equivalence
24
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015
impacts
impacts
impacts

25. Aligning Method – Sumsumption
25
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015

26. Aligning Method – Sumsumption
26
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015

27. Aligning Method – Missing
27
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015

28. Aligning Method – Missing
28
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015

29. TEI Business Model + Maintenance Risk Model
29
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015

30. RISKS ANALYSIS
RQ2 How do OSS adoption risks affect the adopter organization business
goals?

31. Risk Analysis
 Model-based analysis of OSS ecosystems
 From metrics of OSS projects to their impact on
business goals
 Forward quantitative inference algorithms to
evaluate risk exposure
– indicator values mapped onto the satisfaction evidence of
situations
– situation satisfaction raises or lowers the occurrence
likelihood of events (expose and protect)
– impact of risk events on the software ecosystems is
captured by goal analysis, based on Satisfiability and
Deniability evidence
31
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015

32. Risk Analysis for TEI
32
Aligning Business Goals and Risks in OSS Adoption
ER 2015, 19th-22nd October 2015

33. CONCLUSIONS FUTURE WORK

34. Applying Business Strategy Models in Organizations.
i* Workshop, 15-16 June 2014.
Conclusions
34
RQ2
RQ1.1 RQ1.2

35. Future Work
 Importance for goals
 Study the influence that the OSS adoption can
influence the OSS community, modifying the risk
exposure
 Refining the Alignment process (e.g. impacting
dependums)
 Further validation
35
Applying Business Strategy Models in Organizations.
i* Workshop, 15-16 June 2014.

36. Lidia López – llopez@essi.upc.edu
www.essi.upc.edu/~gessi
@gessi_upc
Thank you