ApacheCon Europe 2012

Rhein-Neckar-Arena, Sinsheim, Germany

5–8 November 2012

Managing project risk when using open source

Ross Gardler

Audience level:

Wednesday 3:45 p.m.–4:30 p.m. in Press Room


Identifying and managing non-technical risk in community-led open source projects can be difficult. This session will present a model by which such risks can be identified and thus mitigated.


Open source software projects need to ensure that people are willing and able to engage with their software communities. Similarly, businesses seeking to adopt open source solutions need to be sure they can do so without exposing themselves to unmanageable risk. Evaluating the technical risk of open source is often easier than it is with closed source: simply download the code and build a basic proof of concept. But dig a little deeper and there are many non-technical questions buried underneath, such as:

  • Will the project still be there in a year, five years, ten years, longer?
  • Can I influence the project to ensure it suits my needs?
  • Can I buy support if I need it?
  • What if the project leadership stop development tomorrow?
  • Will the license restrict my business model?
  • What are the main risks and how do I mitigate against them?
  • If I do bet my business on it what aspects of the project must I focus my attention on first?

This session will introduce an approach to evaluating the maturity of the non-technical aspects of an open source software solution. Using this evaluation we can clearly see any weak points in a project's development and governance processes. Once identified, those weaknesses can be addressed or avoided as appropriate. Through a number of case studies we will demonstrate how this model assists in project planning and resource allocation when adopting open source solutions.