quantifying the impact of oss adoption risks with the help of i* models
DESCRIPTION
Dolors Costal, Daniel Gross, Lidia Lopez, Mirko Morandini, Alberto Siena, Angelo Susi: Quantifying the Impact of OSS Adoption Risks with the help of i* Models. 7th i* Int. Workshop held at CAiSE 2014. Paper at http://ceur-ws.org/Vol-1157/paper10.pdf. Adopting Open Source Software (OSS) components in or ganisational settings requires evaluating the possible impact of adoption decisions on business goals. Measures available in OSS, capturing indicators such as the quality of open source code and the activeness of the developing community, can be used as a driver to assess various risks in component adoption. In this paper we illustrate how risk and impact models are used to relate measures obtained from the component under analysis to business goals in i* -based OSS business strategy models.TRANSCRIPT
Dolors Costal, Daniel Gross, Lidia Lopez,Mirko Morandini, Alberto Siena, Angelo
Susi
Quantifying the Impact of OSS Adoption Risks with the help of i* Models
Agenda
Introduction A method for risk assessment Modeling language for ecosystems and risks– The two ingredients together
Reasoning on models Conclusions and future work
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
Motivation
“Identifying and evaluating the risks of Open Source Software (OSS) adoption exploiting the information form the OSS strategic and business ecosystems”*
The OSS ecosystem is composed by – Adopters (Companies, Public Administrations, OSS
communities)– OSS communities
*RISCOSS (Risks and Costs in Open Source Software Adoption) FP7 European project
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
A layered approach for risk assessment
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
Strategic and Business Model
Risk Drivers
OSS project indicators
OSS community indicators
Contextual indicators
Analyst
OSS Project
OSS Community
Expert
Layer 3Business analysis
Layer 2Risk indicators
Layer 1Data Gathering
MODELING ECOSYSTEMS & RISKS
Modeling OSS ecosystems
Strategic actors Strategic dependencies between actors Strategic goals and tasks depending on the OSS
adoption strategy– High-level business strategic goals– Low-level requirements goals and tasks
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
Modeling OSS strategies
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
Strategic actors
Strategic dependencies
High-level goals
Strategyrequirements
Modeling risks Risk characterized by
– Event; => “the community disappear” – Situation; => “the community is not active”– Situation; => “(impossible to) maintain the final
software product”
Measures and Risk drivers– Measure raw and derived evidences
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
Event
Situation
Measures Risk driver
Levels of representation: OSS ecosystems and risks together
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
Layer of the Business / Strategic goal of the Ecosystem
Layer of the risk indicators and risks
Layer of measures and risk drivers
Meta-Model
Connected to the goal-models of the ecosystems to allow for the modelling of risk impact on goals, activities and other assets
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
REASONING ON THE MODELS
Risk and goal model reasoning
Risk and Goal model analysis– starting from the knowledge about values of properties of
some nodes of the model (Risk events, Situations, Goals, Activities) infer knowledge about values of properties of other nodes
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
Specification of models
• Goal and risk models are specified
Analysis of models
• Logic based• Label prop.• …
Analysis of results
• Analysis of the possibility and severity of a risk
Reasoning techniques: based on evidence
Input: measures and indicators gathered from online repositories– Some subjective knowledge is partially available from
involved stakeholders Directed graph (in our case, goal and risk models)– To each node is associated an evidence– Each relation has a weight– Compound relations have a propagation function
Label propagation algorithm
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
OSS measures and risk drivers Raw measures from OSS communities versioning systems, forums,
mailing lists:– Bugs & Releases– Open Bugs– Messages in the posts
Risk drivers (from the raw measures)– Bug fix time: Critical & Blocker– Commit frequency per week & Number of Commits– Forum posts per day
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
Statistical analysis of “Bug fix time” in XWiki (with R)
Study of the behavior of the community
300Bugs$Fix_time
coun
t
1000 200
250
1000
1250
0300
Propagation in the
models
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
A possible result of the analysis
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
Scenario1 Scenario2 Scenario3
Indicators’ Values (can make it possible)
Tutorial Available X
No Timeliness X X
Needs from organisation ( can make it critical)
Maintenance need X X X
Product Quality Need X X X
Risk Events
Lack Of Support Critical Probable, Critical Probable
Low Update Frequency Probable Probable Probable, Critical
Error Proneness Probable, Critical Probable, Critical Critical
Scenariosproperties
Risk events
List of affected Goals
Example: scenario analysis
CONCLUSIONS & FUTURE WORK
Conclusions
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.
19
Future Work
Going deep in the study of the connections between indicators, risks and goals
Extending the analysis of the impact of a given risk to the ecosystem
Combination of model-based reasoning and statistical techniques to support different kind of reasoning at different level of detail based also on the availability of data