Dolors Costal, Daniel Gross, Lidia Lopez, Mirko Morandini, Alberto Siena, Angelo Susi: Quantifying the Impact of OSS Adoption Risks with the help of i* Models. 7th i* Int. Workshop held at CAiSE 2014. Paper at http://ceur-ws.org/Vol-1157/paper10.pdf.

Adopting Open Source Software (OSS) components in organisational settings requires evaluating the possible impact of adoption decisions on business goals. Measures available in OSS, capturing indicators such as the quality of open source code and the activeness of the developing community, can be used as a driver to assess various risks in component adoption. In this paper we illustrate how risk and impact models are used to relate measures obtained from the component under analysis to business goals in i*-based OSS business strategy models.
Quantifying the Impact of OSS Adoption Risks with the help of i* Models
1. Dolors Costal, Daniel Gross, Lidia Lopez,
Mirko Morandini, Alberto Siena, Angelo Susi
2. Agenda
Introduction
A method for risk assessment
Modeling language for ecosystems and risks
– The two ingredients together
Reasoning on models
Conclusions and future work
Quantifying the Impact of OSS Adoption Risks with the help of i* Models.
i* Workshop, 15-16 June 2014.
3. Motivation
“Identifying and evaluating the risks of Open Source
Software (OSS) adoption exploiting the information
from the OSS strategic and business ecosystems”*
The OSS ecosystem is composed of
– Adopters (Companies, Public Administrations, OSS
communities)
– OSS communities
*RISCOSS (Risks and Costs in Open Source Software Adoption) FP7 European project
4. A layered approach for risk assessment
[Figure: three-layer diagram. Layer 3: Business analysis. Layer 2: Risk indicators. Layer 1: Data Gathering. Elements shown: Strategic and Business Model; Risk Drivers; OSS project indicators; OSS community indicators; Contextual indicators; Analyst; OSS Project; OSS Community; Expert.]
6. Modeling OSS ecosystems
Strategic actors
Strategic dependencies between actors
Strategic goals and tasks depending on the OSS
adoption strategy
– High-level business strategic goals
– Low-level requirements goals and tasks
7. Modeling OSS strategies
[Figure: example i* model with callouts: Strategic actors; Strategic dependencies; High-level goals; Strategy requirements.]
8. Modeling risks
Risk characterized by
– Event; => “the community disappears” (what)
– Situation; => “the community is not active” (when)
– Situation; => “(impossible to) maintain the final
software product” (why)
Measures and Risk drivers
– Measure raw and derived evidences
[Figure: risk model elements: Event; Situation; Measures; Risk driver.]
9. Levels of representation:
OSS ecosystems and risks together
[Figure: example model drawn across three layers: Layer of the Business / Strategic goal of the Ecosystem; Layer of the risk indicators and risks; Layer of measures and risk drivers. Elements shown: OSS Adopter; OSS Community; OSS component; Maintain software; Timeliness; Difficulty in code refinement; people on project; measure of bug fixing time. Relation labels: expose; impact. Legend: Actor; Goal; Resource; Risk events; situation; Risk driver.]
10. Meta-Model
Connected to the goal-models of the ecosystems to allow for the modelling of risk impact on goals, activities and other assets
[Figure: Risk Meta-Model and Goal Meta-Model. Labels shown: satisfied; Situation; probability; extent; Event; expose; protect; Goal; impact; Actor; desire; propagate; Task; means-end; govern; increase; mitigate; performs; Ecosystem; provide; depend; value; Measure; evidence.]
12. Risk and goal model reasoning
Risk and Goal model analysis
– starting from the knowledge about values of properties of
some nodes of the model (Risk events, Situations, Goals,
Activities) infer knowledge about values of properties of
other nodes
– Specification of models: goal and risk models are specified
– Analysis of models: logic based, label prop., …
– Analysis of results: analysis of the possibility and severity of a risk
13. Reasoning techniques: based on evidence
Input: measures and indicators gathered from online
repositories
– Some subjective knowledge is partially available from
involved stakeholders
Directed graph (in our case, goal and risk models)
– Each node has an associated evidence value
– Each relation has a weight
– Compound relations have a propagation function
Label propagation algorithm
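One way to run the evidence-based reasoning outlined on this slide, as an added example that is not the authors' or the RISCOSS project's code. Node names are taken from the slides; the wiring between them, the weights, the evidence values and the two combination functions (max and noisy-OR) are constructed assumptions.

```python
# Added illustration, not the RISCOSS implementation. Node names come from the
# slides; the wiring, weights, evidence values and combination functions are
# constructed assumptions.
from math import prod

EDGES = [  # (source, target, weight in [0, 1])
    ("bug fixing time", "No Timeliness", 0.9),
    ("people on project", "No Timeliness", 0.5),
    ("No Timeliness", "Difficulty in code refinement", 0.8),      # expose
    ("Difficulty in code refinement", "Maintain software", 0.7),  # impact
]
# Evidence on the risk drivers, normalised to [0, 1] (constructed values).
MEASURED = {"bug fixing time": 0.8, "people on project": 0.4}

def noisy_or(contributions):
    """Compound relation: any single input can raise the target on its own."""
    return 1.0 - prod(1.0 - c for c in contributions)

def propagate(evidence, edges, combine=None, default=max, max_rounds=100):
    """Push evidence along weighted edges until no label changes."""
    combine = combine or {}
    incoming = {}
    for src, dst, weight in edges:
        incoming.setdefault(dst, []).append((src, weight))
    labels = dict(evidence)
    for _ in range(max_rounds):
        changed = False
        for dst, sources in incoming.items():
            contributions = [w * labels.get(src, 0.0) for src, w in sources]
            new = combine.get(dst, default)(contributions)
            if abs(new - labels.get(dst, 0.0)) > 1e-9:
                labels[dst], changed = new, True
        if not changed:
            return labels
    raise RuntimeError("labels did not stabilise; check the model for cycles")

def impact_on_goal(goal, combine=None):
    """Evidence that the given goal is negatively impacted."""
    return propagate(MEASURED, EDGES, combine)[goal]

if __name__ == "__main__":
    print(round(impact_on_goal("Maintain software"), 4))
    print(round(impact_on_goal("Maintain software", {"No Timeliness": noisy_or}), 4))
```

Swapping the propagation function on the compound node changes the evidence that reaches the business goal, which is why the choice of function per relation has to be part of the model.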
14. OSS measures and risk drivers
Raw measures from OSS communities versioning systems,
forums, mailing lists:
– Bugs & Releases
– Open Bugs
– Messages in the posts
Risk drivers (from the raw measures)
– Bug fix time: Critical & Blocker
– Commit frequency per week & Number of Commits
– Forum posts per day
Statistical analysis of “Bug fix
time” in XWiki (with R)
Study of the behavior of the
community
[Figure: histogram of bug fix times; axis labels: Bugs$Fix_time, count.]
16. A possible result of the analysis
Example: scenario analysis
Scenarios: Scenario1 | Scenario2 | Scenario3
Indicators’ Values (can make it possible)
– Tutorial Available: X
– No Timeliness: X X
Needs from organisation (can make it critical)
– Maintenance need: X | X | X
– Product Quality Need: X | X | X
Risk Events
– Lack Of Support: Critical | Probable, Critical | Probable
– Low Update Frequency: Probable | Probable | Probable, Critical
– Error Proneness: Probable, Critical | Probable, Critical | Critical
[Figure callouts: Scenarios properties; Risk events; List of affected Goals]
19. Future Work
Going deeper into the study of the connections between
indicators, risks and goals
Extending the analysis of the impact of a given risk to
the ecosystem
Combination of model-based reasoning and
statistical techniques to support different kinds of
reasoning at different levels of detail, based also on
the availability of data
In this example, we can see:
Two strategic actors in this ecosystem: the OSS Community and the Adopter company
Some dependencies between both actors.
The adopter expects some things from the OSS community: the component and the documentation, some quality, and that the OSS component evolves with the features the company desires
In return the company provides bug reports and some code (patches), but needs the OSS community to accept its contributions
In the Adopter SR diagram there are:
the high-level business goals: Benefit from co-creation, OSS involvement and OSS evolution influenced
And the low-level goals and tasks that correspond to the concrete adoption strategy requirements. In this case,
Acquiring some skills: user, technical and management
Contribute to the community: bug reports and patches
The requirements affect the high-level goals in some way: in this case, contributing to the OSS helps the OSS involvement needed if the company wants to co-create
Other adoption strategies have different requirements; for example, the adopter may not contribute at all to the community (acquisition), or it may have to control the community (take-over),…