Food for thought: taking a risk perspective

[GeorgLink]

I'm just dropping a thought in here that we can discuss or dismiss.

One of the interviewees stated that the goal for assessing open source community health was to avoid building on a dead project that they might not be able to get pull requests accepted, have undiscovered security issues, etc... The could be described in terms of a risk minimization strategy.

What if, we considered risks?

Risks are different among stakeholders. The community might face financial risks, compatibility risks, timeliness, quality risks, and focus risks (Galanis, 2014). The financial risk could be prevalent in small communities. Compatibility risks arise from depending on other pieces of software, such as libraries. Timely releases, bugfixes, and keeping up with community goals is important to keep all stakeholders engaged. Quality control is important but time-consuming and difficult for smaller communities. A long-term focus or vision helps to keep stakeholders on the same page and offers a stable decision variable for investing in the project.

Corporate community members and any volunteer member face risks. A corporate user might require reliability, security patches, and service over the entire lifetime that an open source software is being used. When investing into an Open Source project, the risk that the project might fail and disappear or change direction away from a stakeholder’s goals, need to be mitigated.

The management of risks might have been mastered by mature and long-standing Open Source software projects that attract a large range of supporters.

Reference
Galanis, N., Casany, M. J., Alier, M., & Mayol, E. (2014). Building a Community: The Moodbile Perspective. In Computer Software and Applications Conference Workshops (COMPSACW), 2014 IEEE 38th International (pp. 211–216). https://doi.org/10.1109/COMPSACW.2014.39