Risk Analysis for Open Source Projects

I’m looking for perspectives on how risk analysis is performed when there’s not precisely a “dollar value” associated with the risk, as in an Open Source project. Traditionally, risk analysis takes the form of

Asset Value X Annual Probability of Loss X Probable Outcome of Loss = Risk

Open source projects provide great value to people, and their development faces significant risks, both from a project standpoint (ranging from wasted developer cycles to failure to ever deliver) and from a product standpoint (users could not like the product, an update could make people leave, or a security hole could leave millions of systems vulnerable to a nasty malware attack).

Who is responsible for identifying and managing these risks? How does the team decide which ones are most significant to the outcome of the project? Are there any official standards or approaches in this area?

I am actually working on a term paper on identifying software risk management and their order of importance so that managers can put more resources into managing those risks that are ranked higher. It is very interesting, and I would not mind sharing my findings after I am done with my research.

I’m getting the idea that there are a number of professionals considering this field right now.
Hopefully some of the research I’ve found helps you as well.

Requirements engineering in open innovation: a research agenda

How Firms Adapt and Interact in Open Source Ecosystems: Analyzing Stakeholder Influence and Collaboration Patterns

Designing Software Ecosystems: How to Develop Sustainable Collaborations?