{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,28]],"date-time":"2025-09-28T20:35:12Z","timestamp":1759091712322,"version":"3.41.2"},"reference-count":48,"publisher":"Emerald","issue":"5","license":[{"start":{"date-parts":[[2015,11,9]],"date-time":"2015-11-09T00:00:00Z","timestamp":1447027200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.emerald.com\/insight\/site-policies"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2015,11,9]]},"abstract":"\n Purpose<\/jats:title>\n \u2013 The purpose of this paper is to identify the technological risks in the context of open source software (OSS) and suggest an integrative OSS risk taxonomy. <\/jats:p>\n <\/jats:sec>\n \n Design\/methodology\/approach<\/jats:title>\n \u2013 The authors conducted an extensive literature review followed by expert interviews and applied the method for taxonomy development. <\/jats:p>\n <\/jats:sec>\n \n Findings<\/jats:title>\n \u2013 This research has identified an integrative OSS risk taxonomy composed of 8 categories with 51 risk items. <\/jats:p>\n <\/jats:sec>\n \n Originality\/value<\/jats:title>\n \u2013 This taxonomy is a very useful tool for practitioners during the decision-making process when evaluating, assessing and calculating risks related to OSS adoption. Moreover, researchers can use it as a starting point for future studies to better understand the OSS phenomenon.<\/jats:p>\n <\/jats:sec>","DOI":"10.1108\/ics-08-2014-0056","type":"journal-article","created":{"date-parts":[[2015,11,3]],"date-time":"2015-11-03T03:30:17Z","timestamp":1446521417000},"page":"570-583","source":"Crossref","is-referenced-by-count":15,"title":["Taxonomy of technological risks of open source software in the enterprise adoption context"],"prefix":"10.1108","volume":"23","author":[{"given":"Mario","family":"Silic","sequence":"first","affiliation":[]},{"given":"Andrea","family":"Back","sequence":"additional","affiliation":[]},{"given":"Dario","family":"Silic","sequence":"additional","affiliation":[]}],"member":"140","reference":[{"key":"key2020121904252178100_b1","unstructured":"Ackermann, T.\n , \n Miede, A.\n , \n Buxmann, P.\n and \n Steinmetz, R.\n (2011), \u201cTaxonomy of technological IT outsourcing risks: support for risk identification and quantification\u201d, ECIS, Helsinki."},{"key":"key2020121904252178100_b2","unstructured":"\u00c5gerfalk, P.J.\n , \n Deverell, A.\n , \n Fitzgerald, B.\n and \n Morgan, L.\n (2005), \u201cAssessing the role of open source software in the European secondary software sector: a voice from industry\u201d, Proceedings of the 1st International Conference on Open Source Systems, Genoa, pp. 82-87."},{"key":"key2020121904252178100_b3","unstructured":"Aspect Security\n (2013), \u201cThe unfortunate reality of insecure libraries\u201d, available at: www.aspectsecurity.com\/uploads\/downloads\/2012\/03\/Aspect-Security-The-Unfortunate-Reality-of-Insecure-Libraries.pdf (accessed September 2014)."},{"key":"key2020121904252178100_b4","doi-asserted-by":"crossref","unstructured":"Bahn, D.\n and \n Dressel, D.\n (2006), \u201cLiability and control risks with open source software\u201d, \n Information Technology: Research and Education\n , ITRE\u201906. International Conference, IEEE, pp. 242-245.","DOI":"10.1109\/ITRE.2006.381573"},{"key":"key2020121904252178100_b5","unstructured":"Cohen, J.\n (1968), \u201cWeighted kappa: nominal scale agreement provision for scaled disagreement or partial credit\u201d, \n Psychological Bulletin\n , Vol. 70 No. 4, p. 213."},{"key":"key2020121904252178100_b6","doi-asserted-by":"crossref","unstructured":"Del Bianco, V.\n , \n Lavazza, L.\n , \n Morasca, S.\n and \n Taibi, D.\n (2011), \u201cA survey on open source software trustworthiness\u201d, \n Software, IEEE\n , Vol. 28 No. 5, pp. 67-75.","DOI":"10.1109\/MS.2011.93"},{"key":"key2020121904252178100_b7","unstructured":"Deloitte\n (2012), \u201cOpen mobile survey\u201d, available at: www.deloitte.com\/assets\/Dcom-Turkey\/Local%20Assets\/Documents\/turkey_tr_tmt_openmobile_220212.pdf (accessed September 2014)."},{"key":"key2020121904252178100_b8","doi-asserted-by":"crossref","unstructured":"Dewey, M.E.\n (1983), \u201cCoefficients of agreement\u201d, \n The British Journal of Psychiatry\n , Vol. 143 No. 5, pp. 487-489.","DOI":"10.1192\/bjp.143.5.487"},{"key":"key2020121904252178100_b9","doi-asserted-by":"crossref","unstructured":"Faisst, U.\n and \n Prokein, O.\n (2005), \u201cAn optimization model for the management of security risks in banking companies\u201d, E-Commerce Technology, CEC 2005, Seventh IEEE International Conference, IEEE, Munich, pp. 266-273.","DOI":"10.1109\/ICECT.2005.21"},{"key":"key2020121904252178100_b10","doi-asserted-by":"crossref","unstructured":"Federspiel, S.B.\n and \n Brincker, B.\n (2010), \u201cSoftware as risk: introduction of open standards in the Danish public sector\u201d, \n Information Society\n , Vol. 26 No. 1, pp. 38-47.","DOI":"10.1080\/01972240903423345"},{"key":"key2020121904252178100_b11","doi-asserted-by":"crossref","unstructured":"Fitzgerald, B.\n and \n Kenny, T.\n (2004), \u201cDeveloping an information systems infrastructure with open source software\u201d, \n Software, IEEE\n , Vol. 21 No. 1, pp. 50-55.","DOI":"10.1109\/MS.2004.1259216"},{"key":"key2020121904252178100_b12","unstructured":"Franch, X.\n , \n Susi, A.\n , \n Annosi, M.C.\n , \n Ayala, C.\n , \n Glott, R.\n , \n Gross, D.\n , \n Kenett, R.\n , \n Mancinelli, F.\n , \n Ramsamy, P.\n and \n Thomas, C.\n (2013), \u201cManaging risk in open source software adoption\u201d, Proceedings of 8th International Conference on Software Engineering and Applications (ICSOFT-EA 2013), SciTePress, Reykjavik."},{"key":"key2020121904252178100_b13","doi-asserted-by":"crossref","unstructured":"Goode, S.\n (2005), \u201cSomething for nothing: management rejection of open source software in Australia\u2019s top firms\u201d, \n Information & Management\n , Vol. 42 No. 5, pp. 669-681.","DOI":"10.1016\/j.im.2004.01.011"},{"key":"key2020121904252178100_b14","unstructured":"Gouscos, D.\n , \n Kalikakis, M.\n and \n Georgiadis, P.\n (2003), \u201cAn approach to modeling web service QoS and provision price: web information systems engineering workshops (2003)\u201d, Proceedings of Fourth International Conference, IEEE, Rome, pp. 121-130."},{"key":"key2020121904252178100_b15","doi-asserted-by":"crossref","unstructured":"Gregor, S.\n (2006), \u201cThe nature of theory in information systems\u201d, \n MIS Quarterly\n , Vol. 30 No. 3, pp. 611-642.","DOI":"10.2307\/25148742"},{"key":"key2020121904252178100_b17","doi-asserted-by":"crossref","unstructured":"Hauge, \u00d8.\n , \n Ayala, C.\n and \n Conradi, R.\n (2010a), \u201cAdoption of open source software in software-intensive organizations: a systematic literature review\u201d, \n Information and Software Technology\n , Vol. 52 No. 11, pp. 1133-1154.","DOI":"10.1016\/j.infsof.2010.05.008"},{"key":"key2020121904252178100_b16","doi-asserted-by":"crossref","unstructured":"Hauge, \u00d8.\n , \n S\u00d8rensen, C.F.\n and \n Conradi, R.\n (2008), \u201cAdoption of open source in the software industry\u201d, \n Open Source Development, Communities and Quality\n , Springer, US.","DOI":"10.1007\/978-0-387-09684-1_17"},{"key":"key2020121904252178100_b18","doi-asserted-by":"crossref","unstructured":"Hauge, O.\n , \n Cruzes, D.S.\n , \n Conradi, R.\n , \n Velle, K.S.\n and \n Skarpenes, T.A.\n (2010b), \u201cRisks and risk mitigation in open source software adoption: bridging the gap between literature and practice\u201d, in \n Agerfalk, P.\n , \n Boldyreff, C.\n , \n Gonzalezbarahona, J.M.\n , \n Madey, G.R.\n and \n Noll, J.\n (Eds), \n Open Source Software: New Horizons\n , Springer, Berlin.","DOI":"10.1007\/978-3-642-13244-5_9"},{"key":"key2020121904252178100_b19","doi-asserted-by":"crossref","unstructured":"Hayes, A.F.\n and \n Krippendorff, K.\n (2007), \u201cAnswering the call for a standard reliability measure for coding data\u201d, \n Communication Methods and Measures\n , Vol. 1 No. 1, pp. 77-89.","DOI":"10.1080\/19312450709336664"},{"key":"key2020121904252178100_b20","doi-asserted-by":"crossref","unstructured":"Henderson, J.\n (2005), \u201cGoogle scholar: a source for clinicians?\u201d, \n Canadian Medical Association Journal\n , Vol. 172 No. 12, pp. 1549-1550.","DOI":"10.1503\/cmaj.050404"},{"key":"key2020121904252178100_b21","unstructured":"Howard, J.D.\n and \n Longstaff, T.A.\n (1998), \u201cA common language for computer security incidents\u201d, \n Sandia National Laboratories\n ."},{"key":"key2020121904252178100_b22","doi-asserted-by":"crossref","unstructured":"Jaaksi, A.\n (2007), \u201cExperiences on product development with open source software\u201d, \n Open Source Development, Adoption and Innovation\n , Springer, US.","DOI":"10.1007\/978-0-387-72486-7_7"},{"key":"key2020121904252178100_b24","unstructured":"Mcghee, D.D.\n (2007), \u201cFree and open source software licenses: benefits, risks, and steps toward ensuring compliance\u201d, \n Intellectual Property & Technology Law Journal\n , Vol. 19 No. 11, p. 5."},{"key":"key2020121904252178100_b23","doi-asserted-by":"crossref","unstructured":"March, S.T.\n and \n Smith, G.F.\n (1995), \u201cDesign and natural science research on information technology\u201d, \n Decision Support Systems\n , Vol. 15 No. 4, pp. 251-266.","DOI":"10.1016\/0167-9236(94)00041-2"},{"key":"key2020121904252178100_b25","unstructured":"Morgan, L.\n and \n Finnegan, P.\n (2007a), \u201cBenefits and drawbacks of open source software: an exploratory study of secondary software firms\u201d, \n Open Source Development, Adoption and Innovation\n , Springer, US."},{"key":"key2020121904252178100_b26","unstructured":"Morgan, L.\n and \n Finnegan, P.\n (2007b), \u201cHow perceptions of open source software influence adoption: an exploratory study\u201d, Proceedings of the 15th European Conference on Information Systems (ECIS), pp. 7-9."},{"key":"key2020121904252178100_b27","doi-asserted-by":"crossref","unstructured":"Nagy, D.\n , \n Yassin, A.M.\n and \n Bhattacherjee, A.\n (2010), \u201cOrganizational adoption of open source software: barriers and remedies\u201d, \n Communications of the ACM\n , Vol. 53 No. 3, pp. 148-151.","DOI":"10.1145\/1666420.1666457"},{"key":"key2020121904252178100_b28","unstructured":"Nickerson, R.C.\n , \n Muntermann, J.\n and \n Varshney, U.\n (2010), \u201cTaxonomy development in information systems: a literature survey and problem statement\u201d, AMCIS, Lima."},{"key":"key2020121904252178100_b29","doi-asserted-by":"crossref","unstructured":"Nickerson, R.C.\n , \n Varshney, U.\n and \n Muntermann, J.\n (2013), \u201cA method for taxonomy development and its application in information systems\u201d, \n European Journal of Information Systems\n , Vol. 22 No. 3, pp. 336-359.","DOI":"10.1057\/ejis.2012.26"},{"key":"key2020121904252178100_b30","unstructured":"North Bridge Venture Partners\n (2013), \u201cFuture of open source software\u201d, available at: http:\/\/northbridge.view.huntandgather.com\/open-source\/survey-2011 (accessed September 2014)."},{"key":"key2020121904252178100_b31","unstructured":"Perens, B.\n (1999), \u201cThe open source definition\u201d, \n Open Sources: Voices from the Open Source Revolution\n , O\u2019Reilly \n\t\t\t\t\t&\n\t\t\t\t Associates, US, pp. 171-185."},{"key":"key2020121904252178100_b32","doi-asserted-by":"crossref","unstructured":"Rudzki, J.\n , \n Kiviluoma, K.\n , \n Poikonen, T.\n and \n Hammouda, I.\n (2009), \u201cEvaluating quality of open source components for reuse-intensive commercial solutions\u201d, Software Engineering and Advanced Applications (2009), SEAA \u201809: 35th Euromicro Conference, Patras, 27-29 August 2009, pp. 11-19.","DOI":"10.1109\/SEAA.2009.30"},{"key":"key2020121904252178100_b33","doi-asserted-by":"crossref","unstructured":"Schryen, G.\n (2011), \u201cIs open source security a myth?\u201d, \n Communications of the ACM\n , Vol. 54 No. 5, pp. 130-140.","DOI":"10.1145\/1941487.1941516"},{"key":"key2020121904252178100_b34","doi-asserted-by":"crossref","unstructured":"Schweik, C.M.\n and \n English, R.C.\n (2012), \n Internet Success: A Study of Open-Source Software Commons\n , MIT Press, US.","DOI":"10.7551\/mitpress\/9780262017251.001.0001"},{"key":"key2020121904252178100_b35","doi-asserted-by":"crossref","unstructured":"Silic, M.\n (2013), \u201cDual-use open source security software in organizations \u2013 Dilemma: help or hinder?\u201d, \n Computers & Security\n , Vol. 39, Part B, November 2013, pp. 386-395.","DOI":"10.1016\/j.cose.2013.09.003"},{"key":"key2020121904252178100_b36","doi-asserted-by":"crossref","unstructured":"Silic, M.\n and \n Back, A.\n (2013), \u201cInformation security and open source dual use security software: trust paradox\u201d, \n Open Source Software: Quality Verificatio\n , Springer, Berlin.","DOI":"10.1007\/978-3-642-38928-3_14"},{"key":"key2020121904252178100_b37","unstructured":"Silic, M.\n and \n Back, A.\n (2015), \u201cIdentification and importance of the technological risks of open source software in the enterprise adoption context\u201d, 12th International Conference on Wirtschaftsinformatik (2015), Osnabr\u00fcck, Germany, pp. 1163-1176."},{"key":"key2020121904252178100_b38","unstructured":"Simon, H.A.\n (1996), \n The Sciences of the Artificial\n , MIT Press, US."},{"key":"key2020121904252178100_b39","unstructured":"Slovic, P.E.\n (2000), \n The Perception of Risk\n , Earthscan Publications, US."},{"key":"key2020121904252178100_b40","unstructured":"Tiangco, F.\n , \n Stockwell, A.\n , \n Sapsford, J.\n , \n Rainer, A.\n and \n Swanton, E.\n (2005), \u201cOpen-source software in an occupational health application: the case of Heales Medical Ltd\u201d, \n Procs\n , Vol. 1, pp. 130-134."},{"key":"key2020121904252178100_b41","doi-asserted-by":"crossref","unstructured":"Van Rooij, S.W.\n (2007), \u201cPerceptions of open source vs commercial software: is higher education still on the fence?\u201d, \n Journal of Research on Technology in Education\n , Vol. 39 No. 4, pp. 433-453.","DOI":"10.1080\/15391523.2007.10782491"},{"key":"key2020121904252178100_b42","doi-asserted-by":"crossref","unstructured":"Ven, K.\n and \n Mannaert, H.\n (2008), \u201cChallenges and strategies in the use of open source software by independent software vendors\u201d, \n Information and Software Technology\n , Vol. 50 Nos 9\/10, pp. 991-1002.","DOI":"10.1016\/j.infsof.2007.09.001"},{"key":"key2020121904252178100_b43","doi-asserted-by":"crossref","unstructured":"Ven, K.\n and \n Verelst, J.\n (2012), \u201cA qualitative study on the organizational adoption of open source server software\u201d, \n Information Systems Management\n , Vol. 29 No. 3, pp. 170-187.","DOI":"10.1080\/10580530.2012.687305"},{"key":"key2020121904252178100_b44","doi-asserted-by":"crossref","unstructured":"Ven, K.\n , \n Verelst, J.\n and \n Mannaert, H.\n (2008), \u201cShould you adopt open source software?\u201d, \n Software, IEEE\n , Vol. 25 No. 3, pp. 54-59.","DOI":"10.1109\/MS.2008.73"},{"key":"key2020121904252178100_b45","unstructured":"Vom Brocke, J.\n , \n Simons, A.\n , \n Niehaves, B.\n , \n Riemer, K.\n , \n Plattfaut, R.\n and \n Cleven, A.\n (2009), \u201cReconstructing the giant: on the importance of rigour in documenting the literature search process\u201d, ECIS, Verona, pp. 2206-2217."},{"key":"key2020121904252178100_b46","unstructured":"Webster, J.\n and \n Watson, R.T.\n (2002), \u201cAnalyzing the past to prepare\u201d, \n MIS Quarterly\n , Vol. 26 No. 2, pp. 13-23."},{"key":"key2020121904252178100_b47","unstructured":"Wheeler, E.\n and \n Swick, K.\n (2011), \n Security Risk Management: Building An Information Security Risk Management Program From the Ground Up\n , Syngress, US."},{"key":"key2020121904252178100_b48","unstructured":"Whitman, M.\n and \n Mattord, H.\n (2011), \n Principles of Information Security\n , Cengage Learning, US."}],"container-title":["Information & Computer Security"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/www.emeraldinsight.com\/doi\/full-xml\/10.1108\/ICS-08-2014-0056","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-08-2014-0056\/full\/xml","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/www.emerald.com\/insight\/content\/doi\/10.1108\/ICS-08-2014-0056\/full\/html","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,7,25]],"date-time":"2025-07-25T01:23:06Z","timestamp":1753406586000},"score":1,"resource":{"primary":{"URL":"http:\/\/www.emerald.com\/ics\/article\/23\/5\/570-583\/110955"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2015,11,9]]},"references-count":48,"journal-issue":{"issue":"5","published-print":{"date-parts":[[2015,11,9]]}},"alternative-id":["10.1108\/ICS-08-2014-0056"],"URL":"https:\/\/doi.org\/10.1108\/ics-08-2014-0056","relation":{},"ISSN":["2056-4961"],"issn-type":[{"type":"print","value":"2056-4961"}],"subject":[],"published":{"date-parts":[[2015,11,9]]}}}