Managing risk in open source software adoption

By 2016 an estimated 95% of all commercial software packages will include Open Source Software (OSS). This extended adoption is yet not avoiding failure rates in OSS projects to be as high as 50%. Inadequate risk management has been identified among the top mistakes to avoid when implementing OSS-based solutions. Understanding, managing and mitigating OSS adoption risks is therefore crucial to avoid potentially significant adverse impact on the business. In this position paper we portray a short report of work in progress on risk management in OSS adoption processes. We present a risk-aware technical decision-making management platform integrated in a business-oriented decision-making framework, which together support placing technical OSS adoption decisions into organizational, business strategy as well as the broader OSS community context. The platform will be validated against a collection of use cases coming from different types of organizations: big companies, SMEs, public administration, consolidated OSS communities and emergent small OSS products.Postprint (published version

A goal model for crowdsourced software engineering

Crowdsourced Software Engineering (CSE) is the act of undertaking any external software engineering tasks by an undefined, potentially large group of online workers in an open call format. Using an open call, CSE recruits global online labor to work on various types of software engineering tasks, such as requirements extraction, design, coding and testing. The field is rising rapidly and touches various aspects of software engineering. CSE has grown significance in both academy and industry. Despite of the enormous usage and significance of CSE, there are many open challenges reported by various researchers. In order to overcome the challenges and realizing the full potential of CSE, it is highly important to understand the concrete advantages and goals of CSE. In this paper, we present a goal model for CSE, to understand the real environment of CSE, and to explore the aspects that can somehow overcome the aforementioned challenges. The model is designed using RiSD, a method for building Strategic Dependency (SD) models in the i* notation, applied in this work using iStar2.0. This work can be considered useful for CSE stakeholders (Requesters, Workers, Platform owners and CSE organizations).Peer ReviewedPostprint (published version

Towards a reference framework for open source software adoption

Nowadays, the use of Open Source Software (OSS) components has become a driver for the primary and secondary information technology (IT) sector, among other factors, by the openness and innovation benefits that can give to the organizations, regardless of its business model and activities' nature. Nevertheless, IT companies and organizations still face numerous difficulties and challenges when making the strategic move to OSS. OSS is aligned with new challenges, which mainly derive from the way OSS is produced and the culture and values of OSS communities. In fact, OSS adoption impacts far beyond technology, because it requires a change in the organizational culture and reshaping IT decision-makers mindset. Therefore, this research work proposes a framework to support OSS adopters (i.e., software-related organizations that develop software and/or offer services relate to software) to analyze and evaluate the impact of adopting OSS as part of their software products and/or services offered to their customers/users, mainly in terms of their software related activities.Peer ReviewedPostprint (published version

Risk assessment in open source systems

Adopting Open Source Software (OSS) components offers many advantages to organizations but also introduces risks related to the intrinsic fluidity of the OSS development projects. Choosing the right components is a critical decision, as it could contribute to the success of any adoption process. Making the right decision requires to evaluate the technical capabilities of the components and also related strategic aspects, including possible impacts on high level objectives. This can be achieved through a portfolio of risk assessment and mitigation methods. In this briefing we introduce the basic concepts related to OSS ecosystems and to risk representation and reasoning. We illustrate how risk management activities in OSS can benefit from the large amount of data available from OSS repositories and how they can be connected to business goals for strategic decision-making. The concepts are illustrated with a software platform developed in the context of the EU FP7 project RISCOSS.Peer ReviewedPostprint (author's final draft

The RISCOSS platform for risk management in open source software adoption

Managing risks related to OSS adoption is a must for organizations that need to smoothly integrate OSS-related practices in their development processes. Adequate tool support may pave the road to effective risk management and ensure the sustainability of such activity. In this paper, we present the RISCOSS platform for managing risks in OSS adoption. RISCOSS builds upon a highly configurable data model that allows customization to several types of scopes. It implements two different working modes: exploration, where the impact of decisions may be assessed before making them; and continuous assessment, where risk variables (and their possible consequences on business goals) are continuously monitored and reported to decision-makers. The blackboard-oriented architecture of the platform defines several interfaces for the identified techniques, allowing new techniques to be plugged in.Peer ReviewedPostprint (author’s final draft

Identification and Importance of the Technological Risks of Open Source Software in the Enterprise Adoption Context

Open source software (OSS) has reshaped and remodeled various layers of the organizational ecosystem, becoming an important strategic asset for enterprises. Still, many enterprises are reluctant to adopt OSS. Knowledge about technological risks and their importance for IT executives is still under researched. We aim to identify the technological risks and their importance for OSS adoption during the risk identification phase in the enterprise context. We conducted an extensive literature review, identifying 34 risk factors from 88 papers, followed by an online survey of 115 IT executives to study the risk factors\u27 importance. Our results will be very valuable for practitioners to use when evaluating, assessing and calculating the risks related to OSS product adoption. Also, researchers can use it as a base for future studies to expand current theoretical understanding of the OSS phenomenon related to IT risk management

Using roles for OSS adoption strategy models

Increasing adoption of Open Source Software (OSS) in information system engineering has led to the emergence of different OSS adoption strategies that affect and shape organizations’ business models. OSS adoption strategies can be operationalized by i* models describing the consequences of choosing each strategy. When an organization decides to adopt an OSS component, it becomes a part of the OSS ecosystem around this component. Therefore, OSS adoption strategy models need to be structured in the way to explicitly describe the role of the adopter organization within the OSS ecosystem, which may be quite different depending on the level of compromise that the organization prefers. Making visible the roles played by the different agents involved in the OSS ecosystem, the involvement of the organization in the OSS community arises naturally. This paper includes a set of roles that emerge in an OSS ecosystem and their responsibilities, and describes the issues behind the fact of using the i* role and plays constructs.Postprint (author's final draft

Towards an OSS adoption business impact assessment

Nowadays, the adoption of Open Source Software (OSS) by organizations is becoming a strategic need in a wide variety of application areas. Organizations adopt OSS in very diverse ways. The way in which they adopt OSS affects and shapes their businesses. Therefore, knowing the impact of different OSS adoption strategies in the context of an organization may help improving the processes undertaken inside this organization and ultimately pave the road to strategic moves. However, there is a lack of support for assessing the impact of the OSS adoption over the business of the adopter organizations. Based on the goal-oriented characterization of some OSS adoption strategies, in this paper, we propose a preliminary approach to assess the business impact of the OSS adoption strategies over the adopter organizations. The proposal is based on the Business Model Canvas and graph theory notions to support the elicitation and assessment of the impact of each goal over the adopter organization. We illustrate the application of the approach in the context of a telecommunications company.Peer ReviewedPostprint (author's final draft

Aligning Business Goals and Risks in OSS Adoption

Increasing adoption of Open Source Software (OSS) requires a change in the organizational culture and reshaping IT decision-makers mindset. Adopting OSS software components introduces some risks that can affect the adopter organization’s business goals, therefore they need to be considered. To assess these risks, it is required to understand the socio-technical structures that interrelate the stakeholders in the OSS ecosystem, and how these structures may propagate the potential risks to them. In this paper, we study the connection between OSS adoption risks and OSS adopter organizations’ business goals. We propose a model-based approach and analysis framework that combines two existing frameworks: the i ∗  framework to model and reason about business goals, and the RiskML notation to represent and analyse OSS adoption risks. We illustrate our approach with data drawn from an industrial partner organization in a joint EU project

Risk Mitigation Strategies in Information Systems Continuity Plans for Public Institutions: The case if Industrial Development Zones (IDZs)

Information systems (IS) and new technologies have become an integral part of conducting business in today’s world. Almost all organisational sectors have adopted the use of IT systems and applications to conduct business and stay competitive in the industry within which they operate. However, if not well managed, Information Technology (IT) usage has the potential to expose organisations to various threats and vulnerabilities, which can have disastrous consequences. A risk mitigation plan is a strategy that helps an organisation to deal with a wide range of unexpected events. It covers a long-term plan and strategy that acts as a safety net to both avert a disaster and ensure long term survival. The purpose of this study is to examine risk factors and associated mitigation strategies in public organisation. The case study is the Industrial Development Zone (IDZ) of South Africa. The study had two objectives: (i) identify risks associated with IDZ; and (ii) examine how IDZ address risk mitigation strategies. A qualitative enquiry was used to carry out the study. Data was collected via interviews that were conducted with executive and other key managers from the IDZ. The study identified human, organisational and technological risk factors as those that impact mitigation strategies in public institutions of South Africa. Proposed contextual solutions for these challenges included: (i) the adoption of mobile solutions and on-going research of new mobility solutions so as to keep up to date with technological advancements; (ii) the regular update of security policies of the organisation so as to align with environmental challenges; and (iii) on-going continuous security checks to evaluate and test disaster preparedness. Awareness of tools and applications used to address mitigation was seen as a key technological factor. This study contributes to a better explanation of the challenges faced by IDZs in the developing country of South Africa, and puts forward recommendations for practice