Risk assessment in open source systems

Adopting Open Source Software (OSS) components offers many advantages to organizations but also introduces risks related to the intrinsic fluidity of the OSS development projects. Choosing the right components is a critical decision, as it could contribute to the success of any adoption process. Making the right decision requires to evaluate the technical capabilities of the components and also related strategic aspects, including possible impacts on high level objectives. This can be achieved through a portfolio of risk assessment and mitigation methods. In this briefing we introduce the basic concepts related to OSS ecosystems and to risk representation and reasoning. We illustrate how risk management activities in OSS can benefit from the large amount of data available from OSS repositories and how they can be connected to business goals for strategic decision-making. The concepts are illustrated with a software platform developed in the context of the EU FP7 project RISCOSS.