Using i* to Represent OSS Ecosystems for Risk Assessment