Descripción: \\samba-lsi-bis\\public_html\index_archivos\logo_riscoss.png





Cuadro de texto: AT A GLANCE

Project title:
Managing Risk and Costs in Open Source Software Adoption (STREP) 

Project coordinator
Xavier Franch
Universitat Politècnica de Catalunya (ES) 

Ericsson Telecomunicazioni (IT)
Fondazione Bruno Kessler (IT)
Universiteit Maastricht (NL)
OW2 (FR)

November 2012 – October 2015

Total cost:

Cuadro de texto: RISCOSS will offer novel risk identification, management and mitigation tools and methods for community-based and industry-supported OSS development, composition and life cycle management to individually, collectively and collaboratively manage OSS adoption risks.




Software goes Open Source


Open Source Software (OSS) has become a strategic asset for a number of reasons, such as its short time-to-market software service and product delivery, reduced development and maintenance costs, and its customization capabilities. OSS technologies are currently embedded in almost all commercial software.


In spite of the increasing strategic importance of OSS technologies, IT com-panies and organizations face numerous difficulties and challenges when making the strategic move to integrate in their processes the open source way of working. This can lead to the perception of possible extra risk with respect to the traditional approaches of software development and provisioning. Such risks (e.g., evaluation, integration, context, process, quality and evolution risks) are not to be neglected since incorrect decisions may lead to expensive failures. Indeed, insufficient risk management has been recently reported as one of the five topmost mistakes to avoid when implementing OSS-based solutions. With proper risk management and mitigation, failures could be reduced or impact cost minimized. To take the most from OSS adoption, the understanding and management of all risks becomes necessary since they directly impact business, with strong effects on time-to-market, revenue and therefore customer satisfaction and brand image.




Strategic OSS ecosystems


As any other information system, OSS ecosystems are not developed, and do not exist, in isolation. Instead, they exist in the wider context of an organization and of various OSS communities, including groups of projects that are developed and co-evolve within the same environment, but also further beyond, their context (the organization itself, OSS communities, regulatory bodies, etc.), forming a wider and more strategic ecosystem.






A typical OSS ecosystem may include several products in a product family, with several versions active each. Moreover, these versions are typically adapted to build personalised releases that meet the needs of different customers. Each single product release version contains a long list of third-party products, many of them OSS components, potentially different (for versions, patch level, etc.) from each other. Above this technological view, several strategic questions emerge, e.g.:


·         How to design the possible viewpoints which to look from at an ecosystem in order to collect relevant information for evolution management?

·         How to secure that specific features of OSS do not harm business strategies and their underlying business models?

·         How to implement a systematic approach toward understanding and representing dependencies that involve OSS components for assessing all kinds of risk?




The answer to these questions requires the clear understanding of OSS ecosystems from a strategic perspective, with clear identification of relevant strategic dependencies in order to control and mitigate all the risks coming from the adoption of OSS components, throughout the lifetime of the different products and components that are part of the OSS ecosystems.



RISCOSS use cases


One of the key issues in the RISCOSS project is the conduction of very different use cases leaded by project’s partners:

·         OSS risk management program in a large IT department.

·         Risk assessment in public admi-nistration OSS projects.

·         Software Quality Assurance and Trustworthiness (SQuAT) programme  in an OSS large community.

·         Assessing development practices of an OSS tool in an SME.

·         Evolution of the platform undertaken in a small OSS community.



RISCOSS impact


·         Organizational impact. Clear definition of the roles, tasks, documents, etc., that are implied in business models and business processes around OSS-based development and distribution.

·         Methodological impact. Definition of guidelines, methods and strategies to manage the risk and leverage the costs in OSS adoption.

·                          Technological impact. Deployment of a platform to make possible the information flow from OSS communities to a company ecosystem and then to support the management of this ecosystem with the OSS components therein.



Cuadro de texto: For further information:
Information Desk
European Commission  - Communications Networks, Content and Technology DG
Office: BU25 02/95 B-1049 Brussels
Tel: +32 2 299 93 99
Fax: +32 2 299 94 99