...
| Risk ID | Project Team or person identifying the risk | Identification Date | Risk (Description and potential impact) | Team or component impacted by the risk | Mitigation Plan (Action to prevent the risk to materialize) | Contingency Plan - Response Plan (Action in case of the risk materialized) | Probability of occurrence (probability of the risk materialized) High/Medium/Low | Impact High/Medium/Low | Status | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | OOF |
| Problem with removing GPLv3 components from OSDF docker image | OSDF | Possible ways of solving the problem are documented here. OSDF Image optimization | Raise an exception for this release and continue to work on it | Medium | Medium | Identified | ||||||||||||||||||||||||
| 2 | Policy |
| Problems resulting from upgrade of jetty-server | Policy, oparent | Request update to oparent sooner rather than later so that impact may be assessed | Raise an exception for this release and continue to work on it | Low | High | Identified | ||||||||||||||||||||||||
| 3 | Policy |
| Problems resulting from upgrade of CDS jars | Policy, CDS | Be proactive with CDS team | Medium | Low | Identified | |||||||||||||||||||||||||
| 4 | Policy |
| TSOCA Control Loops are dependent on migration of DCAE kubernetes | Policy, DCAE | Be proactive with DCAE team | Medium | Medium | Identifier | |||||||||||||||||||||||||
| 5 | AAI |
| Lack of resources to deliver
| AAI | Make best efforts to resolve the security findings | Raise an exception for this release and continue to work on it | Medium | Low | Identified | ||||||||||||||||||||||||
| 6 | AAI |
| Janusgraph does not support Java 11
| AAI | Not much we can do | Raise an exception for this release and hope janusgraph supports java 11 in the coming release | High | Low | Identified | ||||||||||||||||||||||||
| 7 | DMaaP Message Router |
|
Confluent base images used by Message Router kafka/zookeeper are built using Java 8. Move to a newer version is a risk based on resources/time constraints. | DMaaP | Source some more resources for the project to address this issue. | Obtain a waiver for the problem packages | High | Low | Identified | ||||||||||||||||||||||||
| 8 | DMaaP kafka |
| Code coverage for the dmaap-kafka project failed to meet the required goal. | DMaaP kafka | Code coverage goals | Obtain a waiver for the impacted components | High | Low | Working with Sonar community to fix this unexpected coverage drop. | ||||||||||||||||||||||||
| 9 | CCSDK |
| Most recent AAF shiro plugin version appears to still be compiled for Java 8, which causes problems when installed in Karaf under Java 11. | AAF | AAF plugin is not installed until this is resolved - installing it breaks the container. | Will continue to use built-in ODL credentials instead of using AAF to authenticate | High | Low | Identified | ||||||||||||||||||||||||
| 10 | DCAE |
| REQ-438 - COMPLETION OF JAVA LANGUAGE UPDATE (v8 → v11) dcaemod-designtool & dcaemod-nifi-registry has dependency on upstream (NiFI) project which is currently on java8 | DCAE | Continue H version | Waiver/Exception to be filed with SECCOM | High | Low | Identified | ||||||||||||||||||||||||
| 11 | DCAE |
| Scope of DCAE Transformation (REQ-685) being large and dependency on multiple projects (DCAE, OOM, Integration, CLAMP) - there is risk in completing the planned scope in entierity for this release | DCAE, Integration, OOM, CLAMP | Periodic assessment with all impacted project; adjust target scope if required. | Defer subset of features to J release | Medium | Medium | Identified | ||||||||||||||||||||||||
| 12 | UUI |
|
Update the vulnerable direct dependencies in code base but the result is unknown, and we don't have the lab environment to verify it now | UUI | Delay it until our lab environment is ready | High | Low | Identified | |||||||||||||||||||||||||
| 13 | UUI |
|
Not enough human resource to do this modification | UUI | Continue working on it until next release | High | Low | Identified | |||||||||||||||||||||||||
| 14 | SDC |
| Not able to fix all the identified security issues required by the global requirement
| SDC | Source resources to take a look and responsibility to fix the issues as soon as possible. Items will be tracked twice a week. | Raise an exception for this release and continue to work on it | Low | Low | Identified | ||||||||||||||||||||||||
| 15 | SDC |
| Not able to update all the required vulnerabilities, as per general requirement
| SDC | Continuously monitor the vulnerabilities reported | Raise an exception for this release and continue to work on it | Low | Low | Identified | ||||||||||||||||||||||||
| 16 | SDC |
| Code coverage fail to meet the required goal. Currently we are very close to the requirement of at least 55% of line coverage. | SDC | Track code coverage closely and try to identify the changes that introduced drops and improve them. | Raise an exception for this release and continue to work on it | Low | Low | Identified | ||||||||||||||||||||||||
| 17 | SDC |
| Not able to fix
| SDC | Try to find resources in the community to work on the issue. The issue will be tracked twice a week during the release. | Raise an exception for this release and continue to work on it | High | Low | Identified | ||||||||||||||||||||||||
