This centralized page, for all Honolulu projects, is aimed at identifying the risks as they are foreseen within the release life cycle.
A Risk that materialized becomes an Issue.
Status:
- Identified: a risk that has been identified, but has not yet been analyzed / assessed yet
- Assessed: an identified risk which currently has no risk response plan
- Planned: an identified risk with a risk response plan
- In-Process: a risk where the risk response is being executed
- Closed: a risk that occurred and is transferred to an issue or the risk was solved/avoided
- Not occurred: a risk that was identified but that did not occur
- Rejected: created and kept for tracking purposes but considered not to be used yet
Risk ID | Project Team or person identifying the risk | Identification Date | Risk (Description and potential impact) | Team or component impacted by the risk | Mitigation Plan (Action to prevent the risk to materialize) | Contingency Plan - Response Plan (Action in case of the risk materialized) | Probability of occurrence (probability of the risk materialized) High/Medium/Low | Impact High/Medium/Low | Status |
---|---|---|---|---|---|---|---|---|---|
1 | OOF |
| Meeting the following requirement for CMSO - Upgrade vulnerable packages | OOF - CMSO | Will be taken up along with the feature implementation if it is required by the use cases | Project team will try to take up activity if no new feature is planned | Low | Low | Identified |
2 | UUI |
| UUI | Will take active action to contact Jira owner and find out witch package contains GPLv3 | Make the current dependencies work well and keep this problem to next release | High | Low | Identified | |
3 | Policy |
| Policy | Will continue to work on upgrades | Obtain a waiver for the problem packages | Medium | Medium | Identified | |
4 | SDC |
| SDC | Will continue to work on upgrades | Obtain a waiver for the problem packages | Medium | Medium | Identified | |
5 | AAI |
| AAI | Nothing we can really do given the current constraints unless JanusGraph updates to working with Java 11 | Obtain a waiver for the mS with the core tech of Janusgraph | High | Low | Identified | |
6 | DCAE |
| DCAE | Migrate/replace MOD NiFI components with custom containers for future release | Request waiver (discused with SECCOM and they are okay with filing exception for NiFI components) | High | Low | Identified | |
7 | DCAE | REQ-437 - COMPLETION OF PYTHON LANGUAGE UPDATE (v2.7 → v3.8 With Cloudify 3.x support releated by Cloudify under 5.1.1, DCAE CM pod upgrade is targetted for H release. This will be major upgrade requiring extensive regression. Marking this risk due to resource/time constraint. | DCAE | Based on severity of issue - we'll assess if new containers can be released for H release or if need to be withheld. | If switching to Guilin version (old CM 4.6 version) - will need waiver for Cloudify container and plugins | Medium | High | Identified | |
8 | CPS |
| Upgrade vulnerable packages, which all are Transient dependencies | CPS | Working with SecCom to resolve high level vulnerabilities | Obtain a waiver for the problem packages | Medium | Low | Identified |
9 | DMaaP Message Router |
| DMaaP | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | High | Low | Identified | |