Dolors Costal, Daniel Gross, Lidia Lopez,Mirko Morandini, Alberto Siena, Angelo

Susi

Quantifying the Impact of OSS Adoption Risks with the help of i* Models

Agenda

Introduction A method for risk assessment Modeling language for ecosystems and risks– The two ingredients together

Reasoning on models Conclusions and future work

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

Motivation

“Identifying and evaluating the risks of Open Source Software (OSS) adoption exploiting the information form the OSS strategic and business ecosystems”*

The OSS ecosystem is composed by – Adopters (Companies, Public Administrations, OSS

communities)– OSS communities

*RISCOSS (Risks and Costs in Open Source Software Adoption) FP7 European project

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

A layered approach for risk assessment

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

Strategic and Business Model

Risk Drivers

OSS project indicators

OSS community indicators

Contextual indicators

Analyst

OSS Project

OSS Community

Expert

Layer 3Business analysis

Layer 2Risk indicators

Layer 1Data Gathering

MODELING ECOSYSTEMS & RISKS

Modeling OSS ecosystems

Strategic actors Strategic dependencies between actors Strategic goals and tasks depending on the OSS

adoption strategy– High-level business strategic goals– Low-level requirements goals and tasks

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

Modeling OSS strategies

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

Strategic actors

Strategic dependencies

High-level goals

Strategyrequirements

Modeling risks Risk characterized by

– Event; => “the community disappear” – Situation; => “the community is not active”– Situation; => “(impossible to) maintain the final

software product”

Measures and Risk drivers– Measure raw and derived evidences

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

Event

Situation

Measures Risk driver

Levels of representation: OSS ecosystems and risks together

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

Layer of the Business / Strategic goal of the Ecosystem

Layer of the risk indicators and risks

Layer of measures and risk drivers

Meta-Model

Connected to the goal-models of the ecosystems to allow for the modelling of risk impact on goals, activities and other assets

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

REASONING ON THE MODELS

Risk and goal model reasoning

Risk and Goal model analysis– starting from the knowledge about values of properties of

some nodes of the model (Risk events, Situations, Goals, Activities) infer knowledge about values of properties of other nodes

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

Specification of models

• Goal and risk models are specified

Analysis of models

• Logic based• Label prop.• …

Analysis of results

• Analysis of the possibility and severity of a risk

Reasoning techniques: based on evidence

Input: measures and indicators gathered from online repositories– Some subjective knowledge is partially available from

involved stakeholders Directed graph (in our case, goal and risk models)– To each node is associated an evidence– Each relation has a weight– Compound relations have a propagation function

Label propagation algorithm

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

OSS measures and risk drivers Raw measures from OSS communities versioning systems, forums,

mailing lists:– Bugs & Releases– Open Bugs– Messages in the posts

Risk drivers (from the raw measures)– Bug fix time: Critical & Blocker– Commit frequency per week & Number of Commits– Forum posts per day

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

Statistical analysis of “Bug fix time” in XWiki (with R)

Study of the behavior of the community

300Bugs$Fix_time

coun

t

1000 200

250

1000

1250

0300

Propagation in the

models

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

A possible result of the analysis

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

Scenario1 Scenario2 Scenario3

Indicators’ Values (can make it possible)

Tutorial Available X

No Timeliness X X

Needs from organisation ( can make it critical)

Maintenance need X X X

Product Quality Need X X X

Risk Events

Lack Of Support Critical Probable, Critical Probable

Low Update Frequency Probable Probable Probable, Critical

Error Proneness Probable, Critical Probable, Critical Critical

Scenariosproperties

Risk events

List of affected Goals

Example: scenario analysis

CONCLUSIONS & FUTURE WORK

Conclusions

Quantifying the Impact of OSS Adoption Risks with the help of i* Models.i* Workshop, 15-16 June 2014.

19

Future Work

Going deep in the study of the connections between indicators, risks and goals

Extending the analysis of the impact of a given risk to the ecosystem

Combination of model-based reasoning and statistical techniques to support different kind of reasoning at different level of detail based also on the availability of data

Lidia López – llopez@essi.upc.eduAngelo Susi – susi@fbk.eu

www.riscoss.eu

Thank you