Risk Models

The risk models listed below are used in combination with data stemming from SonarQube, OMM, Fossology and OpenHub in order to produce a risk analysis. Each model consists of the following:

  • Normalization intervals, used to adjust absolute values measured on different scales to a common scale from 1 to 5
  • License risk function, which computes a global license score indicator from metrics stemming from Fossology and OMM
  • Quality risk function, computing a score based on SonarQube and OMM metrics
  • Activeness risk function, taking input from OMM and OpenHub

These models were created in the context of the RISCOSS EU project.
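The structure described above (normalization intervals that map raw metrics onto a 1 to 5 scale, plus three risk functions fed by those normalized values) can be made concrete with a small scoring routine. The code below is an added illustration, not the RISCOSS project's own implementation: the metric names, the threshold values for each interval, the sample project figures and the way the "stricter" models tighten the basic intervals are all constructed assumptions chosen to show how a model variant changes the resulting scores.

```python
from dataclasses import dataclass
from typing import Dict, Mapping, Sequence, Tuple


@dataclass(frozen=True)
class Interval:
    """A normalization interval: four ascending thresholds split a raw metric
    into five bands. A value below thresholds[0] lands in band 1, a value at
    or above thresholds[3] in band 5. The returned score is always a *risk*
    score (1 = low risk, 5 = high risk), so metrics where a high raw value is
    good (test coverage, commit count) are inverted via higher_is_risk=False.
    """
    thresholds: Tuple[float, float, float, float]
    higher_is_risk: bool = True

    def __post_init__(self) -> None:
        if list(self.thresholds) != sorted(self.thresholds):
            raise ValueError("interval thresholds must be ascending")

    def normalize(self, value: float) -> int:
        band = 1 + sum(1 for t in self.thresholds if value >= t)  # 1..5
        return band if self.higher_is_risk else 6 - band


# Hypothetical basic model. Thresholds are constructed, not RISCOSS's values.
BASIC: Dict[str, Interval] = {
    "license_count":    Interval((2, 4, 6, 8)),                     # Fossology: distinct licenses
    "unlicensed_ratio": Interval((0.05, 0.10, 0.20, 0.40)),         # Fossology: files w/o explicit license
    "test_coverage":    Interval((20, 40, 60, 80), higher_is_risk=False),   # SonarQube: %
    "test_success":     Interval((50, 70, 90, 99), higher_is_risk=False),   # SonarQube: %
    "commits_12m":      Interval((10, 50, 200, 500), higher_is_risk=False), # OpenHub
    "contributors_12m": Interval((1, 3, 6, 12), higher_is_risk=False),      # OpenHub
}

# Variant with slightly more severe quality intervals (assumed, to mimic an
# "OW2-style" model): the same coverage now lands in a riskier band.
OW2: Dict[str, Interval] = {
    **BASIC,
    "test_coverage": Interval((30, 50, 70, 85), higher_is_risk=False),
    "test_success":  Interval((60, 80, 95, 99), higher_is_risk=False),
}

# Variant that tightens only the license intervals (assumed "strict-IP" style).
STRICT_IP: Dict[str, Interval] = {
    **BASIC,
    "license_count":    Interval((1, 2, 4, 6)),
    "unlicensed_ratio": Interval((0.01, 0.05, 0.10, 0.20)),
}

# Which normalized metrics feed each of the three risk functions.
LICENSE_METRICS    = ("license_count", "unlicensed_ratio")
QUALITY_METRICS    = ("test_coverage", "test_success")
ACTIVENESS_METRICS = ("commits_12m", "contributors_12m")


def risk_function(model: Mapping[str, Interval],
                  metrics: Mapping[str, float],
                  names: Sequence[str]) -> float:
    """Normalize each named metric with the model's interval and average the
    resulting 1..5 risk bands (the aggregation rule is an assumption)."""
    bands = [model[n].normalize(metrics[n]) for n in names]
    return sum(bands) / len(bands)


def analyse(model: Mapping[str, Interval], metrics: Mapping[str, float]) -> Dict[str, float]:
    """Run the license, quality and activeness risk functions for one project."""
    return {
        "license":    risk_function(model, metrics, LICENSE_METRICS),
        "quality":    risk_function(model, metrics, QUALITY_METRICS),
        "activeness": risk_function(model, metrics, ACTIVENESS_METRICS),
    }


# Constructed sample project figures, as the tools above might report them.
SAMPLE_PROJECT = {
    "license_count": 5, "unlicensed_ratio": 0.12,
    "test_coverage": 65, "test_success": 95,
    "commits_12m": 120, "contributors_12m": 4,
}

if __name__ == "__main__":
    for name, model in (("basic", BASIC), ("ow2", OW2), ("strict-ip", STRICT_IP)):
        print(name, analyse(model, SAMPLE_PROJECT))
```

Running it shows the effect of swapping the model while the input data stays fixed: the stricter quality intervals raise the quality risk score, and the tighter license intervals raise the license risk score, which is exactly how the variants listed below differ from the basic model.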

Activeness Sensitive Risk Model
This model correlates low activeness with high risk.

License Sensitive Risk Model
The strict-IP risk model puts the emphasis on license checking. It helps to identify projects having a large diversity of licenses with possible incompatibilities, or a large number of files without an explicit license.

OW2 Risk Model
The OW2 risk model is the risk model used by default on the OW2 projects' dashboards. Its normalization intervals are slightly more severe than the ones used by the basic risk model. It is less demanding in terms of license checking than the strict-IP model, though.

Quality Sensitive Risk Model
The strict quality risk model emphasizes risks related to low test coverage or low test success density.