Thank you to the folks at Sustain for providing the hosting account for CHAOSScast!
CHAOSScast – Episode 72
In this episode, our host, Matt Germonprez, is joined by Dawn Foster from the CHAOSS Community, Sophia Vargas from Google, and Gary White from Verizon. Today, they dive into the crucial topic of assessing the viability of open source projects for adoption within organizations. The discussion covers the intricacies of evaluating project viability, the challenges of project failure, and the necessity of continuous assessments. The panelists provide valuable insights on mitigating risks, leveraging metrics, and the importance of active engagement within open source communities. This episode offers a wealth of knowledge and practical advice for navigating the world of open source software. Download this episode now to hear more!
[00:02:13] The discussion opens on why organizations should assess the viability of the open source projects they adopt. Gary emphasizes the need to formalize viability assessment beyond purely technical metrics. Sophia stresses that the low barrier to adopting open source tools makes rigor in evaluating them all the more important. Dawn points out that context matters: the assessment depends on how the project is used within the organization.
[00:06:32] The conversation shifts to what happens when an open source project fails or changes significantly after an organization has adopted it. Dawn discusses the uncertainty companies face when a project becomes unusable because of a license change or discontinuation. Sophia highlights the complexity and burden of the change management that follows. Gary mentions the hit to morale and the time consumed in dealing with such failures.
[00:10:55] Sophia discusses the difficulty of communication between project leaders and end users, particularly when projects are consumed through third-party package managers. Gary notes how hard it is to motivate project leaders and developers to assess project viability, and the need for data-driven metrics to facilitate communication between leadership and implementation teams.
[00:13:09] Dawn stresses the importance of continuous assessments of open source project viability rather than treating it as a one-time task.
[00:14:06] How do we assess if a project is good? Dawn discusses her historical approach to assessing open source projects, which included manual assessments.
[00:16:31] Gary emphasizes the common practice of engineers making quick project choices without thorough assessments due to the ease of finding solutions online.
[00:19:41] Sophia highlights the importance of considering how a project is used within the organization and the strategic implications of choosing open source projects, especially in large organizations.
[00:21:50] Matt asks about monitoring and mitigating risks when using open source projects that may not be ideal from a viability perspective but are popular. Dawn acknowledges that project viability is not binary and can vary in terms of risk, suggesting that contributing to open source projects can mitigate risks.
[00:22:56] Gary emphasizes the importance of becoming engaged and active members of open source communities to gain insight into project changes and mitigate potential risks.
[00:24:15] Sophia highlights the role of metrics and monitoring in risk mitigation, noting that tracking certain information may not be easy, but it is crucial. Dawn notes the lack of ongoing viability monitoring and suggests the need for more sophisticated approaches.
[00:26:37] Gary agrees that monitoring is essential and mentions a metric called “libyear” as an example of monitoring for open source projects: it measures how out of date a project's dependencies are by summing, across dependencies, the time elapsed between the release of the version in use and the latest available release. He also discusses the importance of automated recommendations within software scanning tools to help users make informed decisions about dependencies.
[00:28:27] Sophia addresses the challenge of scale when dealing with many open source projects, emphasizing the need to adapt monitoring and risk mitigation approaches based on the organization’s portfolio size.
Value Adds (Picks) of the week:
- [00:30:15] Matt’s pick is running in the dark on cool mornings.
- [00:30:33] Dawn’s pick is hanging out with people when she was at the Open Source Summit in Bilbao, Spain.
- [00:31:03] Sophia’s pick is joining an orchestra a few months ago.
- [00:31:41] Gary’s pick is having pumpkin spice back in his life.
OSS Project Viability Metrics Models:
- OSS Project Viability: Community
- OSS Project Viability: Compliance + Security
- OSS Project Viability: Governance
- OSS Project Viability: Strategy