About the RISCOSS Platform for OW2


An introduction to RISCOSS

The RISCOSS project was set up to develop a risk management-based methodology to facilitate the adoption of open source code into mainstream products and services.

The project's idea came from the need to address issues raised by communication equipment manufacturers looking to integrate open source code into their products. RISCOSS developed both a methodology and a software platform that integrate the whole decision-making chain, from technology criteria to strategic concerns.

RISCOSS relies on a consortium of eight partners bringing together industry and academic leaders, innovative technology start-ups and open source community expertise.

The RISCOSS project was funded in part by the FP7 Programme of the European Commission under contract 318249. It started in November 2012 and will end in October 2015.

How does it work?

Much data is generated by the development activity and captured by tools such as the core development platform and the testing tools. Data is also generated by the community activity and captured by mailing lists, tweets, etc. 

The main idea behind RISCOSS is that all open source projects can be analyzed through the data they generate. RISCOSS combines data available on a project into models in order to provide information about the project, its software and its community. 

RISCOSS feeds data about open source components into risk models in order to answer requests by potential users and integrators. 

Why is it useful?

Open source software is a counterintuitive concept for many conventional developers and IT managers. Some think open source software lacks the guarantees they attribute to proprietary software and, as a consequence, is more uncertain and risky.

The objective of RISCOSS is to assist conventional decision makers in overcoming the fear of adopting open source software. Understanding the possible risks and the possible solutions can help with addressing the inherent uncertainty they tend, rightly or not, to expect with this type of software.

Incidentally, now you have the explanation of the name: RISCOSS.

What risks are analyzed?

A risk is a potential area of concern for a user or an integrator. We assume, however, that all share basic concerns about code quality, bugs, etc. The RISCOSS project has elicited the following risks:

  • License and IP risk
  • Code quality risk
  • Project activity risk

How does it help?

As its name suggests, RISCOSS analyzes projects in terms of the potential risk posed by using or integrating open source software. More generally, RISCOSS helps assess areas of concern or weaknesses in an open source project.
The methodology combines data related to an area of concern, or risk, and derives a score for each area. Users and integrators can make an informed decision depending on the score.

To be thorough, one must also take into consideration the importance of the risk in question with regard to the intended usage.

How do we use it?

As a research project, RISCOSS helps us create a methodology and implement it through a software toolchain. However, one formal process can be implemented in a number of different ways. In the project, academic partners developed the core knowledge and use-case partners implemented it in their own ways.

To simplify, there are three broad usages of the methodology. The first one is a demonstrator; aimed at building awareness, it is associated with a simple implementation of the methodology. The second one concerns the consumers, those who want to assess software they want to use. The third concerns the producers, those who want to assess the software they are developing by integrating open source components. The main difference is that consumers evaluate just one piece of software while producers evaluate combinations of components.

The table below summarizes the main differences. 

Business Models: Public | Community | Corporate
Platform Development: Public by XWiki | Community by OW2 | Corporate by FBK/UPC
Platform Technology: XWiki + Java | XWiki + Javascript | Java
Platform Instance: GitHubAnalysis | OW2 | On-Premises
Data Sources: GitHub Repository | Community Infra, OW2 SQuAT Tools | Customized
Data Collectors: 4 (extensible) | Customized
Data Points: 1726 | Customized
Users: Untrained | Untrained | Trained
Project Leaders: Untrained | Trained | Trained
Usage Mode: 100% Online | 50% Online for Users, 50% Service for Project leaders | SaaS plus Consulting, In-House
Risks Categories: Obsolescence, Bugs, Analyzability, Maintenance, License, Quality, Activeness | Customized
Target: OSS Market | OW2 Market | Private
Layers: No | No | Yes
Components: No | No | Yes
What-If Analysis: No | For project leaders | Yes
Objective: RISCOSS demonstration (give an idea of what RISCOSS can do) | Project Analysis (provide a synthetic opinion on projects to potential users) | Product Development (help develop new products by assembling components)