No Access

The Influence of Risk Factors in Decision-Making Process for Open Source Software Adoption

Mario Silic

University of St. Gallen/ZSEM Mueller - Friedberg - Str. 8, 9000 St. Gallen, Switzerland

E-mail Address: mario.silic@unisg.ch

Search for more papers by this author

and

Andrea Back

University of St. Gallen, Mueller - Friedberg - Str. 8, 9000 St. Gallen, Switzerland

Search for more papers by this author

https://doi.org/10.1142/S0219622015500364Cited by:17 (Source: Crossref)

Abstract

“Nobody ever got fired for buying IBM,” was a widely used cliché in the 1970s in the corporate IT (information technology) world. Since then, the traditional process of purchasing software has dramatically changed, challenged by the advent of open source software (OSS). Since its inception in the 1980s, OSS has matured, grown, and become one of the important driving forces of the enterprise ecosystem. However, it has also brought important IT security risks that are impacting the OSS IT adoption decision-making process. The recent Heartbleed bug demonstrated the grandeur of the issue. While much of the noise relates to the amplification of perceived risks by the popular mass media coverage, the effect is that many enterprises, mainly for risk reasons, have still chosen not to adopt OSS. We investigated “how do information security related characteristics of OSS affect the risk perception and adoption decision of OSS” by conducting an online survey of 188 IT decision-makers. The proposed Open Source Risk Adoption Model offers novel insights on the importance of the perceived risk antecedents. Our research brings new theoretical contributions, such as understanding the perceived IT security risk (PISR) relationship with adoption intention (AI) in the OSS context, for researchers and important insights for IT information professionals. We have found that IT security risk has a significant role in OSS adoption intention. Our results offer possible future research directions and extend existing theoretical understanding of OSS adoption.

Keywords:

References

1. Schryen, Is Open Source Security a Myth?, Communications of the ACM 54 (5) (2011) 130–140, doi: 10.1145/1941487.1941516. Web of Science, Google Scholar
2. B. Perens, The open source definition, Open Sources: Voices from the Open Source Revolution (Google, New York, NY, 1999), pp. 171–185. Google Scholar
3. M. Shaikh and T. Cornford, Strategic Drivers of Open Source Software Adoption in the Public Sector: Challenges and Opportunities, Proceedings ECIS 2012 (2012). Google Scholar
4. M. Germonprez, B. Young, L. Mathiassen, J. E. Kendall, K. E. Kendall and B. Warner, Risk Mitigation in Corporate Participation with Open Source Communities: Protection and Compliance in an Open Source Supply Chain, International Research Workshop on IT Project Management 2012. Paper 3. http://aisel.aisnet.org/irwitpm2012/3 (2012). Google Scholar
5. J. Herbsleb, Research priorities in open source software development retrieved December 2014, available at: http://www.flossproject.org/workshop/papers/herbsleb.htm (2002). Google Scholar
6. S. Krishnamurthy, A managerial overview of open source software,, Business Horizons 46 (5) (2003) 47–56. Google Scholar
7. M. Silic and A. Black, “Identification and Importance of the Technological Risks of Open Source Software in the Enterprise Adoption Context” (2015). Wirtschafts informatik Proceedings 2015. Paper 78. http://aisel.aisnet.org/wi2015/78 (2015). Google Scholar
8. C. A. Kenwood, A business case study of open source software Retrieved December 2014, Available at: http://www.dtic.mil/dtic/tr/fulltext/u2/a459563.pdf (2001). Google Scholar
9. Forrester, The Costs and Risks of Open Source Retrieved December 2014, Available at: www.forrester.com/Research/Document/0,7211,34146,00.html (2004). Google Scholar
10. C. M. Schweik and R. C. English, Internet Success: A Study of Open-Source Software Commons (MIT Press, 2012). Google Scholar
11. W. Scacchi, Free/open Source Software Development. Paper presented at the Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering (2007). Google Scholar
12. Gartner, Critical Strategies to Manage Risk and Maximize, Business Value of Open Source in the Enterprise Retrieved December 2014, Available at: https://www.gartner.com/doc/1730521/critical-strategies-manage-risk-maximize, (2011). Google Scholar
13. X. Franch, A. Susi, M. C. Annosi, C. Ayala, R. Glott, D. Gross and C. Thomas, Managing Risk in Open Source Software Adoption, Paper presented at the Proc. 8th Int. Conf. on Software Engineering and Applications (ICSOFT-EA 2013). SciTePress, (2013). Google Scholar
14. Netcraft, Web server survey Retrieved January 2015, Available at: http://news.netcraft.com/archives/2013/08/09/august-2013-web-server-survey.html (2014). Google Scholar
15. Strategyanalytics, Global Smartphone OS Market Share by Region Q3 2013 Retrieved February 2015, available at: http://www.strategyanalytics.com/default.aspx?mod=reportabstractviewer&a0=9095 (2013). Google Scholar
16. K. Ven, J. Verelst and H. Mannaert, Should you adopt open source software?, IEEE Software 25 (3) (2008) 54–59. Web of Science, Google Scholar
17. F. Tiangco, A. Stockwell, J. Sapsford, A. Rainer and E. Swanton, Open-source software in an occupational health application: The case of Heales Medical Ltd, Procs 1 (2005) 130–134. Google Scholar
18. L. Morgan and P. Finnegan, Benefits and drawbacks of open source software: An exploratory study of secondary software firms, Open Source Development, Adoption and Innovation (Springer, Verlag, 2007), pp. 307–312. Google Scholar
19. B. Fitzgerald and T. Kenny, Developing an information systems infrastructure with open source software, IEEE Software 21 (1) (2004) 50–55. Web of Science, Google Scholar
20. J. Rudzki, K. Kiviluoma, T. Poikonen and I. Hammouda, Evaluating Quality of Open Source Components for Reuse-Intensive Commercial Solutions, Paper presented at the 35th Euromicro Conference on Software Engineering and Advanced Applications, 2009. SEAA ’09, (27–29 August 2009). Google Scholar
21. P. J. Ågerfalk, A. Deverell, B. Fitzgerald and L. Morgan, Assessing the role of open source software in the European secondary software sector: A voice from industry. Paper Presented at the Proceedings of the 1st Int. Conf. Open Source Systems (eds. M. Scotto, and G. Succi) (2005). Google Scholar
22. S. W. van Rooij, Perceptions of open source versus commercial software: is higher education still on the fence?, Journal of Research on Technology in Education 39 (4) (2007) 433–453. Google Scholar
23. CNBC, Apple moves to take care of business users Retrieved December 2014, available at: http://www.cnbc.com/id/101190135/page/1 (2013). Google Scholar
24. Hubspan, Hubspan-User-Environment-Survey-Final-Results-2011. Retrieved December 2014, available at: http://hubspansitefiles.s3.amazonaws.com/wp-content/uploads/2011/06/Hubspan-User-Environment-Survey-Final Results-2011.pdf.(2011). Google Scholar
25. Gartner, Road Map for Open-Source Success Understanding Quality and Security Retrieved December 2014, available at: https://www.gartner.com/doc/2674615/road-map-opensource-success-understanding (2014). Google Scholar
26. Deloitte, Open mobile survey Retrieved September 2014, available at: http://www.deloitte.com/assets/Dcom-Turkey/Local%20Assets/Documents/turkey_tr_tmt_openmobile_220212.pdf, (2012). Google Scholar
27. ISO, Information technology — Security techniques-Information security risk management Retrieved December 2014, available at http://www.iso.org/iso/catalogue_detail?csnumber=56742 (2008). Google Scholar
28. S. Goode, Something for nothing: Management rejection of open source software in Australia’s top firms, Information & Management 42 (5) (2005) 669–681. Web of Science, Google Scholar
29. S. B. Federspiel and B. Brincker, Software as risk: Introduction of open standards in the danish public sector, Information Society 26 (1) (2010) 38–47, doi: 10.1080/01972240903423345. Web of Science, Google Scholar
30. Ø. Hauge, C. Ayala and R. Conradi, Adoption of open source software in software-intensive organizations–A systematic literature review, Information and Software Technology 52 (11) (2010) 1133–1154. Web of Science, Google Scholar
31. K. Ven and J. Verelst, A qualitative study on the organizational adoption of open source server software, Information Systems Management 29 (3) (2012) 170–187. Web of Science, Google Scholar
32. Sans, Security Concerns in Using Open Source Software for Enterprise Requirements Retrieved January 2015, available at: http://www.sans.org/reading-room/whitepapers/awareness/security-concerns-open-source-software-enterprise-requirements-1305 (2009). Google Scholar
33. PC World, Is open source to blame for the Heartbleed bug? Retrieved May 2015, available at http://www.pcworld.com/article/2141740/is-open-source-to-blame-for-the-heartbleed-bug.html (2014). Google Scholar
34. The Register, Ruby off the Rails: Enormo security hole puts 240k sites at risk Retrieved February 2015, available at: http://www.theregister.co.uk/2013/01/10/ruby_on_rails_security_vuln/, (2013). Google Scholar
35. V. Del Bianco, L. Lavazza, S. Morasca and D. Taibi, A survey on open source software trustworthiness, IEEE Software 28 (5) (2011) 67–75. Web of Science, Google Scholar
36. G. Kou, Y. Shi and G. Dong, Data mining for software trustworthiness, Information Sciences 191 (2012) 1–2. Web of Science, Google Scholar
37. D. Zissis and D. Lekkas, Addressing cloud computing security issues, Future Generation Computer Systems 28 (3) (2012) 583–592. Web of Science, Google Scholar
38. Y. Peng, G. Kou, G. Wang, H. Wang and F. I. Ko, Empirical evaluation of classifiers for software risk management, International Journal of Information Technology & Decision Making 8 (04) (2009) 749–767. Link, Web of Science, Google Scholar
39. G. Kou, Y. Peng, Y. Shi and W. Wu, Classifier evaluation for software defect prediction, Studies in Informatics and Control 21 (2) (2012) 118. Web of Science, Google Scholar
40. G. Kou, Y. Peng and G. Wang, Evaluation of clustering algorithms for financial risk analysis using MCDM methods, Information Sciences 275 (2014) 1–12. Web of Science, Google Scholar
41. O. H. Alhazmi, Y. K. Malaiya and I. Ray, Measuring, analyzing and predicting security vulnerabilities in software systems, Computers & Security 26 (3) (2007) 219–228, doi: 10.1016/j.cose.2006.10.002. Web of Science, Google Scholar
42. H. K. Browne, W. A. Arbaugh, J. McHugh and W. L. Fithen, A Trend Analysis of Exploitations. Paper presented at the Proceedings IEEE Symposium on Security and Privacy, 2001. S&P 2001 (2001). Google Scholar
43. S. Frei, M. May, U. Fiedler and B. Plattner, Large-Scale Vulnerability Analysis, Paper presented at the Proceedings of the 2006 SIGCOMM workshop on Large-scale attack defense (2006). Google Scholar
44. S. Neuhaus, T. Zimmermann, C. Holler and A. Zeller, Predicting Vulnerable Software Components, Paper presented at the Proceedings of the 14th ACM conference on Computer and communications security (2007). Google Scholar
45. T. Wolke, Risikomanagement (Oldenbourg Verlag, 2008). Google Scholar
46. G. Dionne, Risk Management: History, Definition, and Critique, Risk Management and Insurance Review 16 (2) (2013) 147–166. Google Scholar
47. S. E. Harrington and G. R. Niehaus, Risk Management and Insurance (Wiley, Danvers, 1999). Google Scholar
48. L. L. Sun, R. P. Srivastava and T. J. Mock, An information systems security risk assessment model under the Dempster-Shafer theory of belief functions, Journal of Management Information Systems 22 (4) (2006) 109–142, doi: 10.2753/mis0742-1222220405. Web of Science, Google Scholar
49. G. Purdy, ISO 31000: 2009—setting a new standard for risk management, Risk Analysis 30 (6) (2010) 881–886. Web of Science, Google Scholar
50. S. M. Cunningham, The major dimensions of perceived risk, Risk Taking and Information Handling in Consumer Behavior (1967) 82–108. Google Scholar
51. J. R. Bettman, Perceived risk and its components: A model and empirical test, Journal of Marketing Research (JMR) 10 (2) (1973). Web of Science, Google Scholar
52. R. Gregory and R. Mendelsohn, Perceived risk, dread, and benefits, Risk Analysis 13 (3) (1993) 259–264. Web of Science, Google Scholar
53. H.-S. Rhee, Y. U. Ryu and C.-T. Kim, Unrealistic optimism on information security management, Computers & Security 31 (2) (2012) 221–232. Web of Science, Google Scholar
54. M. Koller, Risk as a determinant of trust, Basic and Applied Social Psychology 9 (4) (1988) 265–276. Web of Science, Google Scholar
55. B. W. Boehm, Software engineering economics (1981). Google Scholar
56. M. S. Featherman and P. A. Pavlou, Predicting e-services adoption: A perceived risk facets perspective, International Journal of Human-Computer Studies 59 (4) (2003) 451–474. Web of Science, Google Scholar
57. M. E. Porter and V. E. Millar, How Information Gives you Competitive Advantage (Harvard Business Review, Reprint Service, 1985). Google Scholar
58. U. Faisst and O. Prokein, An Optimization Model for the Management of Security Risks in Banking Companies, Paper presented at the Seventh IEEE International Conference on E-Commerce Technology, 2005. CEC 2005 (2005). Google Scholar
59. E. Wheeler and K. Swick, Security Risk Management: Building an Information Security Risk Management Program from the Ground Up (Syngress Publishing, Waltham, MA, 2011). Google Scholar
60. J. L. Spears and H. Barki, User Participation in Information Systems Security Risk Management, MIS Quarterly 34 (3) (2010). Web of Science, Google Scholar
61. C. L. Culp, The Risk Management Process: Business Strategy and Tactics 103 (John Wiley & Sons, NY, 2002). Google Scholar
62. W. T. Yue, M. Çakanyýldýrý, Y. U. Ryu and D. Liu, Network externalities, layered protection and IT security risk management, Decision Support Systems 44 (1) (2007) 1–16. Web of Science, Google Scholar
63. M. Whitman and H. Mattord, Management of Information Security (Cengage Learning, 2013). Google Scholar
64. B. Fischhoff, Risk perception and communication unplugged: Twenty years of process1, Risk Analysis 15 (2) (1995) 137–145. Web of Science, Google Scholar
65. B. Bozeman and G. Kingsley, Risk culture in public and private organizations, Public Administration Review (1998) 109–118. Web of Science, Google Scholar
66. J. R. Vacca, Computer and Information Security Handbook: Newnes (2012). Google Scholar
67. D. D. McGhee, Free and open source software licenses: Benefits, risks, and steps toward ensuring compliance, Intellectual Property & Technology Law Journal 19 (11) (2007) 5. Google Scholar
68. A. Jaaksi, Experiences on product development with open source software, Open Source Development, Adoption and Innovation (Springer, Limerick, Ireland, 2007), pp. 85–96. Google Scholar
69. C. Payne, On the security of open source software, Information Systems Journal 12 (1) (2002) 61–78, doi: 10.1046/j.1365-2575.2002.00118.x. Web of Science, Google Scholar
70. Schryen, Security of Open Source and Closed Source Software: An Empirical Comparison of Published Vulnerabilities, AMCIS 2009 Proceedings (2009). Google Scholar
71. S. A. Hissam, D. Plakosh and C. Weinstock, Trust and vulnerability in open source software, IEEE Proceedings — Software 149 (1) (2002) 47, doi: 10.1049/ip-sen:20020208. Google Scholar
72. K. Stewart and S. Gosain, An exploratory study of ideology and trust in open source development groups, Proceedings ICIS 2001 (2001). Google Scholar
73. P. Laplante, A. Gold and T. Costello, Open Source Software: Is It Worth Converting?, IT Professional 9 (4) (2007) 28–33, doi: 10.1109/mitp.2007.72. Google Scholar
74. L. Morgan and P. Finnegan, How perceptions of open source software influence adoption: An exploratory study, Paper presented at the Proceedings of the 15th European Conference on Information Systems (ECIS 2007) (2007). Google Scholar
75. E. Eryilmaz, M. Cochran and S. Kasemvilas, Establishing Trust Management in an Open Source Collaborative Information Repository: An Emergency Response Information System Case Study, Paper presented at the 42nd Hawaii International Conference on System Sciences, 2009. HICSS ’09. (5–8 January 2009). Google Scholar
76. C. Cowan, Software security for open-source systems, IEEE Security & Privacy 1 (1) (2003) 38–45, doi: 10.1109/msecp.2003.1176994. Google Scholar
77. S. W. Chou and M. Y. He, Understanding OSS development in communities: The perspectives of ideology and knowledge sharing, Behaviour & Information Technology 30 (3) (2011) 325–337, doi: 10.1080/0144929x.2010.535853. Web of Science, Google Scholar
78. D. Nagy, A. M. Yassin and A. Bhattacherjee, Organizational adoption of open source software: Barriers and remedies, Communications of the ACM 53 (3) (2010) 148–151. Web of Science, Google Scholar
79. R. G. Fichman, The diffusion and assimilation of information technology innovations, Framing the Domains of IT Management: Projecting the Future Through the Past (2000) 105–127. Google Scholar
80. T. H. Kwon and R. W. Zmud, Unifying the Fragmented Models of Information Systems Implementation, Paper presented at the Critical issues in information systems research (1987). Google Scholar
81. I. Ajzen and M. Fishbein, Understanding attitudes and predicting social behaviour (1980). Google Scholar
82. A. Benlian and T. Hess, Comparing the relative importance of evaluation criteria in proprietary and open-source enterprise application software selection — a conjoint study of ERP and Office systems, Information Systems Journal 21 (6) (2011) 503–525, doi: 10.1111/j.1365-2575.2010.00357.x. Web of Science, Google Scholar
83. H. Gewald and J. Dibbern, Risks and benefits of business process outsourcing: A study of transaction services in the German banking industry, Information & Management 46 (4) (2009) 249–257. Web of Science, Google Scholar
84. T. J. Madden, P. S. Ellen and I. Ajzen, A comparison of the theory of planned behavior and the theory of reasoned action, Personality and social psychology Bulletin 18 (1) (1992) 3–9. Web of Science, Google Scholar
85. A. Benlian and T. Hess, Opportunities and risks of software-as-a-service: Findings from a survey of IT executives, Decision Support Systems 52 (1) (2011) 232–246. Web of Science, Google Scholar
86. J. Dedrick and J. West, Why Firms Adopt Open Source Platforms: A Grounded Theory of Innovation and Standards Adoption, Paper presented at the Proceedings of the workshop on standard making: A critical research frontier for information systems (2003). Google Scholar
87. R. D. Macredie and K. Mijinyawa, A theory-grounded framework of Open Source Software adoption in SMEs, European Journal of Information Systems 20 (2) (2011) 237–250. Web of Science, Google Scholar
88. H. R. Varian and C. Shapiro, Linux adoption in the public sector: An economic analysis, Manuscript (University of California, Berkeley, 2003). Google Scholar
89. S. Forge, The rain forest and the rock garden: The economic impacts of open source software, info 8 (3) (2006) 12–31. Google Scholar
90. M. Silic, A. Black and D. Silic, Taxonomy of technological risks of open source software in the enterprise adoption context, Information and Computer Security 23(5) 570–583. DOI: 10.1108/ICS-08-2014-0056 (2015). Google Scholar
91. Y. Li, C.-H. Tan and X. Yang, It is all about what we have: A discriminant analysis of organizations’ decision to adopt open source software, Decision Support Systems 56 (2013) 56–62. Web of Science, Google Scholar
92. S. C. Srivastava, S. Chandra and Y.-L. Theng, Evaluating the role of trust in consumer adoption of mobile payment systems: An empirical analysis, Communications of the Association for Information Systems 27 (2010) 561–588. Google Scholar
93. M. S. Featherman, J. S. Valacich and J. D. Wells, Is that authentic or artificial? Understanding consumer perceptions of risk in e-service encounters, Information Systems Journal 16 (2) (2006) 107–134. Web of Science, Google Scholar
94. H. Gewald, K. Wüllenweber and T. Weitzel, The influence of perceived risks on banking managers’ intention to outsource business processes-a study of the German banking and finance industry, Journal of Electronic Commerce Research 7 (2) (2006). Google Scholar
95. D. J. Kim, D. L. Ferrin and H. R. Rao, A trust-based consumer decision-making model in electronic commerce: The role of trust, perceived risk, and their antecedents, Decision Support Systems 44 (2) (2008) 544–564. Web of Science, Google Scholar
96. J. P. Peter and L. X. Tarpey Sr , A comparative analysis of three consumer decision strategies, Journal of Consumer Research 2 (1) (1975) 29–37. Web of Science, Google Scholar
97. D. H. McKnight, V. Choudhury and C. Kacmar, Developing and validating trust measures for e-commerce: An integrative typology, Information Systems Research 13 (3) (2002) 334–359. Web of Science, Google Scholar
98. B. Blakley, E. McDermott and D. Geer, Information Security is Information Risk Management. Paper presented at the Proceedings of the 2001 workshop on New security paradigms (2001). Google Scholar
99. E. G. Amoroso, Fundamentals of Computer Security Technology (Prentice-Hall, Inc., 1994). Google Scholar
100. R. S. Pressman and W. S. Jawadekar, Software engineering, New York 1992 (1987). Google Scholar
101. A. Aldridge, M. White and K. Forcht, Security considerations of doing business via the Internet: cautions to be considered, Internet Research 7 (1) (1997) 9–15. Web of Science, Google Scholar
102. M. J. Garfield and P. G. McKeown, Planning for internet security, Information Systems Management 14 (1) (1997) 41–46. Web of Science, Google Scholar
103. P. Ratnasingham, EDI security: The influences of trust on EDI risks, Computers & Security 17 (4) (1998) 313–324, doi: 10.1016/s0167-4048(98)80012-6. Web of Science, Google Scholar
104. C. W. Hill, Cooperation, opportunism, and the invisible hand: Implications for transaction cost theory, Academy of Management Review 15 (3) (1990) 500–513. Web of Science, Google Scholar
105. O. E. Williamson, Markets and hierarchies (New York, 1975) pp. 26–30. Google Scholar
106. J. A. Colquitt, B. A. Scott and J. A. LePine, Trust, trustworthiness, and trust propensity: A meta-analytic test of their unique relationships with risk taking and job performance, Journal of Applied Psychology 92 (4) (2007) 909. Web of Science, Google Scholar
107. Pavlou, Huigang and Yajiong, Understanding and mitigating uncertainty in online exchange relationships: A principal–agent perspective, MIS Quarterly 31(1) (2007) 105–136. Google Scholar
108. M. Silic, Dual-use open source security software in organizations — Dilemma: Help or hinder?, Computers & Security, 39, Part B (0) (2013) , 386–395, doi: http://dx.doi.org/10.1016/j.cose.2013.09.003. Web of Science, Google Scholar
109. P. B. De Laat, How can contributors to open-source communities be trusted? On the assumption, inference, and substitution of trust, Ethics and Information Technology 12 (4) (2010) 327–341. Web of Science, Google Scholar
110. H. Gewald and J. Dibbern, The influential role of perceived risks versus perceived benefits in the acceptance of business process outsourcing: Empirical evidence from the German Banking Industry, E-Finance Lab Working Paper, 9 (2005). Google Scholar
111. A. Bonaccorsi and C. Rossi, Why open source software can succeed, Research Policy 32 (7) (2003) 1243–1258, doi: 10.1016/s0048-7333(03)00051-9. Web of Science, Google Scholar
112. L. Carter and F. Belanger, The utilization of e-government services: Citizen trust, innovation and acceptance factors, Information Systems Journal 15 (1) (2005) 5–25, doi: 10.1111/j.1365-2575.2005.00183.. Web of Science, Google Scholar
113. X. W. Fang, S. Chan, J. Brzezinski and S. Xu, Moderating effects of task type on wireless technology acceptance, Journal of Management Information Systems 22 (3) (2005) 123–157. Web of Science, Google Scholar
114. S. L. Jarvenpaa, N. Tractinsky and L. Saarinen, Consumer trust in an Internet store: A cross-cultural validation, Journal of Computer-Mediated Communication 5 (2) (1999) 45–71. Google Scholar
115. D. L. Hoffman, T. P. Novak and M. Peralta, Building consumer trust online, Communications of the ACM 42 (4) (1999) 80–85. Web of Science, Google Scholar
116. D. A. Harrison, P. P. Mykytyn Jr and C. K. Riemenschneider, Executive decisions about adoption of information technology in small business: Theory and empirical tests, Information Systems Research 8 (2) (1997) 171–195. Web of Science, Google Scholar
117. P. Chwelos, I. Benbasat and A. S. Dexter, Research report: Empirical test of an EDI adoption model, Information Systems Research 12 (3) (2001) 304–321. Web of Science, Google Scholar
118. Linux Foundation, Enterprise End User Report (2013). Google Scholar
119. Sonatype, Sonatype Survey Findings Retrieved January 2015, available at: http://img.en25.com/Web/SonatypeInc/%7B43071d5d-4e57-4fa7-9663-cf967945be95%7D_Sonatype_2013Survey.pdf (2013). Google Scholar
120. G. John, An empirical investigation of some antecedents of opportunism in a marketing channel, Journal of Marketing Research 21 (3) (1984) 278–289. Web of Science, Google Scholar
121. A. Bhimani, Securing the commercial internet, Communications of the ACM 39 (6) (1996) 29–35. Web of Science, Google Scholar
122. C. Cockburn and T. D. Wilson, Business use of the world-wide web, International Journal of Information Management 16 (2) (1996) 83–102. Web of Science, Google Scholar
123. J. C. Sweeney, G. N. Soutar and L. W. Johnson, The role of perceived risk in the quality-value relationship: A study in a retail environment, Journal of Retailing 75 (1) (1999) 77–105. Web of Science, Google Scholar
124. L. Wu, J.-Y. Li and C.-Y. Fu, The adoption of mobile healthcare by hospital’s professionals: An integrative perspective, Decision Support Systems 51 (3) (2011) 587–596. Web of Science, Google Scholar
125. T. Ackermann, A. Miede, P. Buxmann and R. Steinmetz, Taxonomy of Technological IT Outsourcing Risks: Support for Risk Identification and Quantification. Paper presented at the ECIS (2011). Google Scholar
126. T. Ackermann, T. Widjaja, A. Benlian and P. Buxmann, Perceived IT security risks of cloud computing: Conceptualization and scale development (2012). Google Scholar
127. A. I. Nicolaou and D. H. McKnight, Perceived information quality in data exchanges: Effects on risk, trust, and intention to use, Information Systems Research 17 (4) (2006) 332–351. Web of Science, Google Scholar
128. A. Benlian and T. Hess, The Risks of Sourcing Software as a Service-An Empirical Analysis of Adopters and Non-Adopters. Paper presented at the ECIS (2010). Google Scholar
129. L. Poppo and T. Zenger, Do formal contracts and relational governance function as substitutes or complements?, Strategic Management Journal 23 (8) (2002) 707–725. Web of Science, Google Scholar
130. W. W. Chin, The partial least squares approach to structural equation modeling, Modern Methods for Business Research 295 (2) (1998) 295–336. Google Scholar
131. W. W. Chin, B. L. Marcolin and P. R. Newsted, A partial least squares latent variable modeling approach for measuring interaction effects: Results from a Monte Carlo simulation study and an electronic-mail emotion/adoption study, Information Systems Research 14 (2) (2003) 189–217. Web of Science, Google Scholar
132. J. L. Roldán and M. J. Sánchez-Franco, Variance-based structural equation modeling: Guidelines for using partial least squares, Research Methodologies, Innovations and Philosophies in Software Systems Engineering and Information Systems 193 (2012). Google Scholar
133. J. Hair, C. Ringle and M. Sarstedt, PLS-SEM: Indeed a silver bullet, The Journal of Marketing Theory and Practice 19 (2) (2011) 139–152. Google Scholar
134. N. Kock, WarpPLS 4.0 User Manual (ScriptWarp Systems, Laredo Texas USA, 2010). Google Scholar
135. C. Fornell and D. F. Larcker, Evaluating structural equation models with unobservable variables and measurement error, Journal of Marketing Research (JMR) 18 (1) (1981). Web of Science, Google Scholar
136. S. Geisser, A predictive approach to the random effect model, Biometrika 61 (1) (1974) 101–107. Web of Science, Google Scholar
137. M. Stone, Cross-validatory choice and assessment of statistical predictions, Journal of the Royal Statistical Society. Series B (Methodological) (1974) 111–147. Web of Science, Google Scholar
138. J. F. Hair, Multivariate Data Analysis (Prentice Hall, Upper Saddle River, 2009). Google Scholar
139. R. B. Kline, Principles and Practice of Structural Equation Modeling (Guilford Press, New York, NY, 2011). Google Scholar
140. R. K. Wagner, J. K. Torgesen and C. A. Rashotte, Development of reading-related phonological processing abilities: New evidence of bidirectional causality from a latent variable longitudinal study, Developmental Psychology 30 (1) (1994) 73. Web of Science, Google Scholar
141. P. M. Podsakoff, S. B. MacKenzie, J.-Y. Lee and N. P. Podsakoff, Common method biases in behavioral research: A critical review of the literature and recommended remedies, Journal of Applied Psychology 88 (5) (2003) 879. Web of Science, Google Scholar
142. P. M. Podsakoff and D. W. Organ, Self-reports in organizational research: Problems and prospects, Journal of Management 12 (4) (1986) 531–544. Web of Science, Google Scholar
143. H. Liang, N. Saraf, Q. Hu and Y. Xue, Assimilation of enterprise systems: The effect of institutional pressures and the mediating role of top management, MIS Quarterly 31 (1) (2007) 59–87. Web of Science, Google Scholar
144. L. J. Williams, J. R. Edwards and R. J. Vandenberg, Recent advances in causal modeling methods for organizational and management research, Journal of Management 29 (6) (2003) 903–936. Web of Science, Google Scholar
145. Pavlou, Huigang and Yajiong, Understanding and mitigating uncertainty in online environments: A principal-agent perspective, MIS Quarterly 31(1) (2007) 105–136. Google Scholar
146. S. Grazioli and S. L. Jarvenpaa, Perils of internet fraud: An empirical investigation of deception and trust with experienced internet consumers, IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and Humans 30 (4) (2000) 395–410. Web of Science, Google Scholar
147. N. K. Malhotra, S. S. Kim and J. Agarwal, Internet users’ information privacy concerns (IUIPC): The construct, the scale, and a causal model, Information Systems Research 15 (4) (2004) 336–355. Web of Science, Google Scholar
148. Pavlou, Consumer acceptance of electronic commerce: Integrating trust and risk with the technology acceptance model, International Journal of Electronic Commerce 7(3) (2003) 101–134. Google Scholar
149. M. Riley, Nsa said to exploit heartbleed bug for intelligence for years, Bloomberg News April (2014) 12. Google Scholar