Metrics for Downstream Users of Open Source with Justin Rackliffe
21 May 2021
39 mins 58 secs
About this Episode
Georg Link | Kate Stewart
[00:02:17] Justin tells us what he does, his background, and his journey to where he is today.
[00:04:47] Georg wonders if Justin is the only one helping with all the different concerns around open source, and he also tells us what the structure is like that he works within.
[00:07:17] Kate wonders with the amount of automation happening behind the scenes to effectively make policy decisions if it is all still funneling more manually then Justin would like. Also, Justin explains how they want to leverage other people’s stuff and contributing back when they can.
[00:09:58] Justin talks about SBOM’s being a challenge in the industry.
[00:10:56] Kate explains what Software Bill of Materials (SBOM) and Software Package Data Exchange (SPDX) are.
[00:15:18] Justin tells us other data points and metrics he employs besides SBOM.
[00:19:08] Kate mentions one of the challenges is identity for software in the industry and matching it up to other sources of information and metrics, and she wonders if Justin finds it easy or hard to find that type of matching and if he’s looking at the National Vulnerability Database (NVD) as a set of risk metrics associated with a project whether it’s up to date as part of his signals.
[00:22:31] Justin explains the difference in viewpoints between CHAOSS metrics and Downstream metrics.
[00:25:14] Kate wonders how much some of the signals that the project sends about new releases and implicit end of life when you’ve got a new release coming out, and how much do people park on one release and not move it forward.
[00:27:37] Justin talks about how tooling needs to be visible and we learn what kind of signals are useful to him.
[00:31:17] We learn from Justin what he would like to see if Georg gave him a magic wand and he could wish for anything from the CHAOSS Project to support him.
[00:34:41] Find out where you can follow Justin online.
Value Adds (Picks) of the week
- [00:35:59] Georg’s pick is the Apple watch.
- [00:37:03] Kate’s pick is having a quarterly meeting with the NTIA SBOM working group.
- [00:37:53] Justin’s pick is his bike and getting out on the greenways.
CHAOSS Project Twitter
Justin Rackliffe Linkedin
Justin Rackliffe Twitter
National Telecommunications and Information Administration SBOM