Episode 92

ISO Standards for Open Source Community Health Metrics


5 September 2024

28 mins 41 secs


About this Episode

Thank you to the folks at Sustain for providing the hosting account for CHAOSScast!

CHAOSScast – Episode 92

In this episode of CHAOSScast, host Alice Sowerby is joined by Sean Goggins, Georg Link, and guest Divya Mohan to discuss the importance and process of establishing ISO standards for open source community health metrics. The panel delves into how ISO standards ensure interoperability and aid in establishing credible industry practices. They highlight existing ISO standards in open source and share how these efforts are being translated into the CHAOSS Project's metrics, particularly focusing on security and community activity. The conversation includes insights on the current state of the project, the feedback process, and how interested individuals can get involved. Press download to hear more!

[00:02:47] Georg explains ISO standards as international standards ensuring interoperability and formalizing metrics, and highlights the transition from the CHAOSS Project’s de facto standards to ISO standards for broader adoption and formal recognition.

[00:04:45] Sean adds that ISO standards help communicate quality in manufacturing and software processes, making them relevant for enterprises engaged in open source.

[00:05:46] Sean and Georg discuss existing ISO standards in the open source sphere, including SPDX and OpenChain. Divya mentions the ongoing development of the Security Assurance Specification by the OpenChain Project.

[00:08:54] Sean describes how the idea of creating an ISO standard based on CHAOSS Project metrics began with discussions with Asian Pacific members and their manufacturing contexts.

[00:09:45] Divya explains how the process of creating an ISO standard involves rigorous feedback and adjustments, affecting how metrics and documentation are shaped, and she elaborates on the feedback process.

[00:12:22] Georg highlights the importance of feedback in the ISO standardization process and the additional rigor and format required compared to the CHAOSS Project’s current metrics.

[00:14:10] Georg gives an update on the project’s progress, which involves two drafts (security and community activity metrics) that are in development. Sean mentions the reliance on the Joint Development Foundation (JDF) for guidance and expertise in navigating the ISO standardization process, and Divya explains how people can contribute.

[00:16:47] Alice highlights areas where help is needed, particularly from those with ISO standards experience and input on security and community activity metrics.

[00:17:18] Sean emphasizes that anyone with an interest in CHAOSS metrics or ISO standards could contribute by refining and formalizing existing metrics.

[00:18:11] Georg introduces the security ISO standard draft, which includes Introduction to scope, Conformance requirements, Terms and definitions, and Summary of requirements.

[00:21:32] Alice notes that the community activity draft is less developed but invites people to review and contribute, and Georg explains the community activity metrics focus on: Activity levels, Number of contributors, and Number of organizations involved.

Value Adds (Picks) of the week:

  • [00:23:04] Alice’s pick is the NHS.
  • [00:23:26] Georg’s pick is physical therapy for recovering the use of his arm.
  • [00:24:17] Sean’s pick is planning a documentary.
  • [00:25:59] Divya’s pick is pottery making.

Panelists:
Alice Sowerby
Georg Link
Sean Goggins

Guest:
Divya Mohan

Links:

CHAOSS

CHAOSS Project X/Twitter

CHAOSScast Podcast

podcast@chaoss.community

Georg Link Website

Alice Sowerby Website

Sean Goggins X/Twitter

Divya Mohan X/Twitter

Divya Mohan Website

Divya Mohan LinkedIn

Meeting Invite for the CHAOSS ISO Standards Meeting

Metric Model: Community Activity

ISO standard for OSS Project Viability (security) draft

Joint Development Foundation

NHS
