GitHubAnalyzer

What is GitHubAnalyzer?

GitHubAnalyzer is a public platform to introduce the RISCOSS project, a research project partially funded by the European Commission. With GitHubAnalyzer you can run simple risk analysis on any GitHub project.

With GitHubAnalyzer, we want to share the RISCOSS concept and start a discussion with you.

Your feedback is important to us. Does RISCOSS address an actual need? Do you find the results useful, interesting, pointless? What level of information do you need in order to feel confident the RISCOSS? What type of analysis would you like from RISCOSS? Etc.

How does it work?

Much data is generated by the development activity and captured by tools such as the core development platform and the testing tools. Data is also generated by the community and captured by mailing lists, tweets, etc.

The main idea behind RISCOSS is that all open source projects can be analyzed through the data they generate. RISCOSS combines data available on a project into models in order to provide value-added information on the project, its software and its community.

RISCOSS feeds data on open source components into risk models in order to answer requests by potential users and integrators.

Why is it useful?

Open source software is a counter-intuitive concept for many conventional developers and IT managers. Some think open source software lacks the guarantees they attribute to proprietary software and, as a consequence, is more uncertain and risky.

The objective of RISCOSS is to help conventional decision-makers to overcome the fear of adopting open source software. Understanding the possible risks and the possible solutions can help with addressing the inherent uncertainty they tend to expect with this type of software.

Now you know where the name RISCOSS comes from.

How does it help?

As the name suggests, RISCOSS analyzes projects in terms of the potential risk posed by using or integrating open source software. More generally, RISCOSS helps assess areas of concerns or weaknesses in an open source project.

The methodology combines data related to an area of concern, or risk, and derives a score for each area. Users and integrators can make an informed decision depending on the score.

To be thorough, the intended usage of the software must always be taken into consideration. What can be called the “business intention” can impact significantly the that is by a given user's acceptable risk profile.

What risks are analyzed?

A risk is a potential area of concern for a user or an integrator. We assume however that all share basic concerns about code quality, bugs, etc. In GitHubAnalyzer we focus on the following risks:

The RISCOSS project

The RISCOSS project was launched to develop a risk management-based methodology to facilitate the adoption of open source code into mainstream products and services.

The project stemmed from the need to address issues raised by communication equipment manufacturers looking to integrate open source code into their products. RISCOSS developed a methodology and a software platform that integrate the whole decision-making chain, from technology criteria to strategic issues.

RISCOSS relies on a consortium of eight partners bringing together industry and academic leaders, innovative technology start-ups and open source community expertise.

The RISCOSS project was funded in part by the FP7 Programme of the European Commission under contract 318249. It started in November 2012 and will end in October 2015.