This document presents a 3-layer approach to managing risks in open source software projects. Layer 1 involves collecting data through scenario-based assessments of risk drivers and their distributions. Layer 2 computes risk indicators for projects and communities and links them to business risks. Layer 3 uses goal reasoning to analyze the impact of risks on business goals. The approach separates concerns in risk analysis. The authors are working to improve automation and to apply the approach through a platform called RISCOSS.
9. Layer 2. Risk indicator computation
[Figure: network with the risk indicator "Project Timeliness" and its Timeliness Risk Drivers]
Timeliness Risk Drivers:
• Weekday: When the commit was made
• Month day: When the commit was made
• Month: When the commit was made
• Hour: When the commit was made
• Commit frequency / week
• Bug fix time
• Bug fix time for critical & blocker level bugs
Probabilistic, efficient:
• Diagnosis
• Prediction
• Classification
• Decision-making
Built using: GeNie-SIMILE
10. Layer 2. Linking to business risks
[Figure: project risk indicators and community risk indicators linked to business risks]
Risk indicators (project risk indicators and community risk indicators):
• Project Timeliness
• Activeness
• Timeliness
• Community activeness
• Community cohesion
Business risks:
• Outdated mobile technology
• Investment not reused
• Distance learning buggy
• Students dissatisfied
• Reputation school declined
• School objects distance learning