Challenges and Solutions of Risk Management in Software Ecosystems
Resumo
Research Context: Software ecosystems (SECO) differ from other software development contexts and increase the complexity of risk management. Scientific and/or Practical Problem: It remains unclear the way risk management is conducted in SECO, which risks are specific to this context, and which solutions have been proposed. Proposed Analysis: This study investigates risk management in SECO by identifying SECO-specific risks, mapping solutions and their evaluations, and highlighting existing challenges. Related IS Theory. Socio-technical Theory provides a perspective by emphasizing the interdependence of technical and social factors in risk management in SECO. Research Method: We conducted a systematic mapping study following established guidelines, including study selection, data extraction, and qualitative coding. Summary of Results: We identified 24 SECO-specific risks, 21 solutions, of which 15 were evaluated, and 14 challenges related to risk management in SECO. Contributions and Impact to IS area: This study consolidates knowledge on risk management in SECO and provides insights to support researchers and practitioners in designing more effective mitigation strategies.
Referências
Bilousiva, L., Gryzun, L., Zhytienova, N. e Pikalova, V. (2023). Issues of formalization of risk management process in software design. In 4th International Workshop on Intelligent Information Technologies and Systems of Information Security, pages 48–57.
Boscarioli, C., Araujo, R. M. e Maciel, R. S. P., editors (2017). I GranDSI-BR – Grand Research Challenges in Information Systems in Brazil 2016–2026. SBC, Porto Alegre, Brazil.
Campos, G. d. S. S. d., Silva, F. I. R. d., Malcher, P. e Santos, R. P. d. (2025). Material suplementar do artigo “challenges and solutions of risk management in software ecosystems”’. DOI: 10.5281/zenodo.17261825.
Charmaz, K. (2006). Constructing grounded theory: A practical guide through qualitative analysis. Sage.
Chen, X. e Deng, Y. (2022). An evidential software risk evaluation model. Mathematics, 10(13).
Damian, D., Linåker, J., Johnson, D., Clear, T. e Blincoe, K. (2021). Challenges and strategies for managing requirements selection in software ecosystems. IEEE Software, 38(6):76–87.
Hou, F. e Jansen, S. (2024). A survey of the state-of-the-art approaches for evaluating trust in software ecosystems. Journal of Software: Evolution and Process, 36(10):e2695.
Jansen, S. (2020). A focus area maturity model for software ecosystem governance. Information and Software Technology, 118:106219.
Keshani, M., Bot, G., Rungta, P., Izadi, M., Van Deursen, A. e Proksch, S. (2024). Maven unzipped: Exploring the impact of library packaging on the ecosystem. In 2024 IEEE International Conference on Software Maintenance and Evolution (ICSME), pages 50–62.
Kitchenham, B. e Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering. Technical report, Evidence-Based Software Engineering (EBSE) Project.
Lopes, S. d. S., Vargas, I. G., Oliveira, A. L. d. e Braga, R. T. V. (2020). Risk management for system of systems: A systematic mapping study. In 2020 IEEE International Conference on Software Architecture Companion (ICSA-C), pages 258–265. IEEE.
Luthfiansyah, F., Prasetyo, A. e Raharjo, T. (2024). A systematic review of risk management tools and techniques in software projects. The Indonesian Journal of Computer Science, 13(1).
Manalif, E., Capretz, L. F. e Ho, D. (2013). Software ecosystems risks. In 8th International Conference on Software Engineering and Applications, pages 417–422.
Mandych, O., Zaika, S., Zaika, O., Zhyliakova, O., Blyzniuk, et al. (2023). Risk management of innovation activities in the digital ecosystem. INNOVATIONS IN THE SCIENTIFIC, TECHNICAL AND SOCIAL ECOSYSTEMS, 1(6):24–45.
Manikas, K. (2016). Revisiting software ecosystems research: A longitudinal literature study. Journal of Systems and Software, 117:84–103.
Menezes Jr, J., Gusmão, C. e Moura, H. (2019). Risk factors in software development projects: a systematic literature review. Software Quality Journal, 27(3):1149–1174.
Mens, T. e Roover, C. d. (2023). An Introduction to Software Ecosystems, pages 1–29. Springer International Publishing, Cham.
Messerschmitt, D. G. e Szyperski, C. (2003). Software Ecosystem: Understanding an Indispensable Technology and Industry. MIT press.
Oliveira, J. e Alves, C. (2021). Software ecosystems governance – an analysis of sap and gnome platforms. In 2021 47th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), pages 296–299.
Olsson, T. e Franke, U. (2019). Risks and assets: a qualitative study of a software ecosystem in the mining industry. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019, page 895–904, New York, NY, USA. Association for Computing Machinery.
Petersen, K., Vakkalanka, S. e Kuzniarz, L. (2015). Guidelines for conducting systematic mapping studies in software engineering: An update. Information and software technology, 64:1–18.
Pilliang, M. e Munawar, M. (2022). Risk management in software development projects: A systematic literature review. Khazanah Informatika: Jurnal Ilmu Komputer dan Informatika, 8(2).
PMI (2021). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Seventh Edition and The Standard for Project Management. Project Management Institute, Newtown Square, PA, 7 edition.
Prakash, B. e Viswanathan, V. (2020). A comparative study of meta-heuristic optimisation techniques for prioritisation of risks in agile software development. International Journal of Computer Applications in Technology, 62(2):175–188.
Schueller, W. e Wachs, J. (2024). Modeling interconnected social and technical risks in open source software ecosystems. Collective Intelligence, 3(1):26339137241231912.
Shaw, M. (2003). Writing good software engineering research papers. In 25th International Conference on Software Engineering, pages 726–736. IEEE.
Siddiqui, A. T. (2024). Importance of risk management in software engineering. Asian Journal of Technology & Management Research (AJTMR) ISSN, 2249(0892).
Trist, E. L. (1981). The evolution of socio-technical systems, volume 2. Ontario Quality of Working Life Centre Toronto.
Valério, K. G. O., da Silva, C. E. S. e Neves, S. M. (2020). Risk management in software development projects: systematic review of the state of the art literature. International Journal of Open Source Software and Processes (IJOSSP), 11(1):1–22.
Boscarioli, C., Araujo, R. M. e Maciel, R. S. P., editors (2017). I GranDSI-BR – Grand Research Challenges in Information Systems in Brazil 2016–2026. SBC, Porto Alegre, Brazil.
Campos, G. d. S. S. d., Silva, F. I. R. d., Malcher, P. e Santos, R. P. d. (2025). Material suplementar do artigo “challenges and solutions of risk management in software ecosystems”’. DOI: 10.5281/zenodo.17261825.
Charmaz, K. (2006). Constructing grounded theory: A practical guide through qualitative analysis. Sage.
Chen, X. e Deng, Y. (2022). An evidential software risk evaluation model. Mathematics, 10(13).
Damian, D., Linåker, J., Johnson, D., Clear, T. e Blincoe, K. (2021). Challenges and strategies for managing requirements selection in software ecosystems. IEEE Software, 38(6):76–87.
Hou, F. e Jansen, S. (2024). A survey of the state-of-the-art approaches for evaluating trust in software ecosystems. Journal of Software: Evolution and Process, 36(10):e2695.
Jansen, S. (2020). A focus area maturity model for software ecosystem governance. Information and Software Technology, 118:106219.
Keshani, M., Bot, G., Rungta, P., Izadi, M., Van Deursen, A. e Proksch, S. (2024). Maven unzipped: Exploring the impact of library packaging on the ecosystem. In 2024 IEEE International Conference on Software Maintenance and Evolution (ICSME), pages 50–62.
Kitchenham, B. e Charters, S. (2007). Guidelines for performing systematic literature reviews in software engineering. Technical report, Evidence-Based Software Engineering (EBSE) Project.
Lopes, S. d. S., Vargas, I. G., Oliveira, A. L. d. e Braga, R. T. V. (2020). Risk management for system of systems: A systematic mapping study. In 2020 IEEE International Conference on Software Architecture Companion (ICSA-C), pages 258–265. IEEE.
Luthfiansyah, F., Prasetyo, A. e Raharjo, T. (2024). A systematic review of risk management tools and techniques in software projects. The Indonesian Journal of Computer Science, 13(1).
Manalif, E., Capretz, L. F. e Ho, D. (2013). Software ecosystems risks. In 8th International Conference on Software Engineering and Applications, pages 417–422.
Mandych, O., Zaika, S., Zaika, O., Zhyliakova, O., Blyzniuk, et al. (2023). Risk management of innovation activities in the digital ecosystem. INNOVATIONS IN THE SCIENTIFIC, TECHNICAL AND SOCIAL ECOSYSTEMS, 1(6):24–45.
Manikas, K. (2016). Revisiting software ecosystems research: A longitudinal literature study. Journal of Systems and Software, 117:84–103.
Menezes Jr, J., Gusmão, C. e Moura, H. (2019). Risk factors in software development projects: a systematic literature review. Software Quality Journal, 27(3):1149–1174.
Mens, T. e Roover, C. d. (2023). An Introduction to Software Ecosystems, pages 1–29. Springer International Publishing, Cham.
Messerschmitt, D. G. e Szyperski, C. (2003). Software Ecosystem: Understanding an Indispensable Technology and Industry. MIT press.
Oliveira, J. e Alves, C. (2021). Software ecosystems governance – an analysis of sap and gnome platforms. In 2021 47th Euromicro Conference on Software Engineering and Advanced Applications (SEAA), pages 296–299.
Olsson, T. e Franke, U. (2019). Risks and assets: a qualitative study of a software ecosystem in the mining industry. In Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019, page 895–904, New York, NY, USA. Association for Computing Machinery.
Petersen, K., Vakkalanka, S. e Kuzniarz, L. (2015). Guidelines for conducting systematic mapping studies in software engineering: An update. Information and software technology, 64:1–18.
Pilliang, M. e Munawar, M. (2022). Risk management in software development projects: A systematic literature review. Khazanah Informatika: Jurnal Ilmu Komputer dan Informatika, 8(2).
PMI (2021). A Guide to the Project Management Body of Knowledge (PMBOK® Guide) – Seventh Edition and The Standard for Project Management. Project Management Institute, Newtown Square, PA, 7 edition.
Prakash, B. e Viswanathan, V. (2020). A comparative study of meta-heuristic optimisation techniques for prioritisation of risks in agile software development. International Journal of Computer Applications in Technology, 62(2):175–188.
Schueller, W. e Wachs, J. (2024). Modeling interconnected social and technical risks in open source software ecosystems. Collective Intelligence, 3(1):26339137241231912.
Shaw, M. (2003). Writing good software engineering research papers. In 25th International Conference on Software Engineering, pages 726–736. IEEE.
Siddiqui, A. T. (2024). Importance of risk management in software engineering. Asian Journal of Technology & Management Research (AJTMR) ISSN, 2249(0892).
Trist, E. L. (1981). The evolution of socio-technical systems, volume 2. Ontario Quality of Working Life Centre Toronto.
Valério, K. G. O., da Silva, C. E. S. e Neves, S. M. (2020). Risk management in software development projects: systematic review of the state of the art literature. International Journal of Open Source Software and Processes (IJOSSP), 11(1):1–22.
Publicado
25/05/2026
Como Citar
CAMPOS, Gabriele da Silva Serafim de; SILVA, Francisco Ismael Ribeiro da; MALCHER, Paulo; SANTOS, Rodrigo Pereira dos.
Challenges and Solutions of Risk Management in Software Ecosystems. In: SIMPÓSIO BRASILEIRO DE SISTEMAS DE INFORMAÇÃO (SBSI), 22. , 2026, Vitória/ES.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2026
.
p. 616-635.
DOI: https://doi.org/10.5753/sbsi.2026.248578.
