Using i* to Represent OSS Ecosystems for Risk Assessment

Open Source Software (OSS) is a strategic asset for organisations thanks to its short time-to-market, the opportunity for a reduced development effort and total cost of ownership, and its customization capabilities. OSS-based solutions include projects that are developed and co-evolve within the same or- ganisation, OSS communities, companies, and regulatory bodies, forming an ar- ticulated strategic business ecosystem. The adoption of OSS in commercial pro- jects leads to numerous challenges in the wide spectrum of available OSS solu- tions and risks emerging from the intrinsic structure of an OSS project. In this position paper we exploit i* models for the understanding of the strategic per- spective of OSS ecosystems, representing actors, dependencies, responsibilities and information flows. These models can play a crucial role in the analysis of organisational risks inherent to OSS component adoption and in the definition of risk mitigation activities.