Aligning Business Goals and Risks in OSS Adoption

Increasing adoption of Open Source Software (OSS) requires a change in the organizational culture and reshaping IT decision-makers mindset. Adopting OSS software components introduces some risks that can affect the adopter organization’s business goals, therefore they need to be considered. To assess these risks, it is required to understand the socio-technical structures that interrelate the stakeholders in the OSS ecosystem, and how these structures may propagate the potential risks to them. In this paper, we study the connection between OSS adoption risks and OSS adopter organizations’ business goals. We propose a model-based approach and analysis framework that combines two existing frameworks: the i* framework to model and reason about business goals, and the RiskML notation to represent and analyse OSS adoption risks. We illustrate our approach with data drawn from an industrial partner organization in a joint EU project.

[1]  Axel van Lamsweerde,et al.  Assessing requirements-related risks through probabilistic goals and obstacles , 2013, Requirements Engineering.

[2]  Giancarlo Guizzardi,et al.  Applying a foundational ontology to analyze means-end links in the i∗ framework , 2012, 2012 Sixth International Conference on Research Challenges in Information Science (RCIS).

[3]  Alberto Siena,et al.  Risk Awareness in Open Source Component Selection , 2014, BIS.

[4]  John Mylopoulos,et al.  Goal-driven risk assessment in requirements engineering , 2011, Requirements Engineering.

[5]  Alberto Siena,et al.  Modelling Risks in Open Source Software Component Selection , 2014, ER.

[6]  Giancarlo Guizzardi,et al.  Ontological foundations for structural conceptual models , 2005 .

[7]  Xavier Franch,et al.  Modelling and Applying OSS Adoption Strategies , 2014, ER.

[8]  Ketil Stølen,et al.  Model-Driven Risk Analysis - The CORAS Approach , 2010 .

[9]  Eric Dubois,et al.  Conceptual Integration of Enterprise Architecture Management and Security Risk Management , 2013, 2013 17th IEEE International Enterprise Distributed Object Computing Conference Workshops.

[10]  Roel Wieringa,et al.  Design Science Methodology for Information Systems and Software Engineering , 2014, Springer Berlin Heidelberg.

[11]  Joost Visser,et al.  A Practical Model for Measuring Maintainability , 2007, 6th International Conference on the Quality of Information and Communications Technology (QUATIC 2007).

[12]  Axel van Lamsweerde,et al.  Handling Obstacles in Goal-Oriented Requirements Engineering , 2000, IEEE Trans. Software Eng..

[13]  Xavier Franch,et al.  Managing Risk in Open Source Software Adoption , 2018, ICSOFT.

[14]  Giancarlo Guizzardi,et al.  An ontology-based semantic foundation for ARIS EPCs , 2010, SAC '10.

[15]  John Mylopoulos,et al.  Capturing Variability of Law with Nómos 2 , 2012, ER.

[16]  Xavier Franch,et al.  Making Explicit Some Implicit i* Language Decisions , 2011, ER.

[17]  Angélica Caro,et al.  A Probabilistic Approach to Web Portal's Data Quality Evaluation , 2007 .

[18]  Eric Yu,et al.  Modeling Strategic Relationships for Process Reengineering , 1995, Social Modeling for Requirements Engineering.

[19]  Mehrdad Sabetzadeh,et al.  Combining Goal Models, Expert Elicitation, and Probabilistic Simulation for Qualification of New Technology , 2011, 2011 IEEE 13th International Symposium on High-Assurance Systems Engineering.

[20]  John Mylopoulos,et al.  Reasoning with Goal Models , 2002, ER.

[21]  John Mylopoulos,et al.  Reasoning with Key Performance Indicators , 2011, PoEM.

[22]  Oscar Pastor,et al.  Integrating the Goal and Business Process Perspectives in Information System Analysis , 2014, CAiSE.