Episode 92: ISO Standards for Open Source Community Health Metrics
Manage episode 438330206 series 2999267
Thank you to the folks at Sustain for providing the hosting account for CHAOSSCast!
CHAOSScast – Episode 92
In this episode of CHAOSScast, host Alice Sowerby is joined by Sean Goggins, Georg Link, and guest Divya Mohan, to discuss the importance and process of establishing ISO standards for open source community health metrics. The panel delves into how ISO standards ensure interoperability and aid in establishing credible industry practices. They highlight existing ISO standards in open source and share how these efforts are being translated into the CHAOSS Project's metrics, particularly focusing on security and community activity. The conversation includes insights on the current state of the project, the feedback process, and how interested individuals can get involved. Press download to hear more!
[00:02:47] Georg explains ISO standards as international standards ensuring interoperability and formalizing metrics and highlights the transition from CHAOSS Project’s defacto standards to ISO standards for broader adoption and formal recognition.
[00:04:45] Sean adds that ISO standards help communicate quality in manufacturing and software processes, making it relevant for enterprises engaged in open source.
[00:05:46] Sean and Georg discuss existing ISO standards in the open source sphere, including SPDX and OpenChain. Divya Mentions the ongoing development of the Security Assurance Specification by the OpenChain Project.
[00:08:54] Sean describes how the idea of creating an ISO standard based on CHAOSS Project metrics began with discussions with Asian Pacific members and their manufacturing contexts.
[00:09:45] Divya explains how the process of creating an ISO standard involves rigorous feedback and adjustments, affecting how metrics and documentation are shaped, and she elaborates on the feedback process.
[00:12:22] Georg highlights the importance of feedback in the ISO standardization process and the additional rigor and format required compared to the CHAOSS Project’s current metrics.
[00:14:10] Georg updates the projects progress which involves two drafts (security and community activity metrics) that are in development, Sean mentions the reliance on the Joint Development Foundation (JDF) for guidance and expertise in navigating the ISO standardization process, and Divya explains how people can contribute.
[00:16:47] Alice highlights areas where help is needed, particularly from those with ISO standards experience and input on security and community activity metrics.
[00:17:18] Sean emphasizes that anyone with an interest in CHAOSS metrics or ISO standards could contribute by refining and formalizing existing metrics.
[00:18:11] Georg introduces the security ISO standard draft which includes Introduction to scope, Conformance requirements, Terms and definitions, and Summary of requirements.
[00:21:32] Alice notes that the community activity draft is less developed but invites people to review and contribute, and Georg explains the community activity metrics focus on: Activity levels, Number of contributors, and Number of organizations involved.
Value Adds (Picks) of the week:
- [00:23:04] Alice’s pick is the NHS.
- [00:23:26] Georg’s pick is physical therapy for recovering the use of his arm.
- [00:24:17] Sean’s pick is planning a documentary.
- [00:25:59] Divya’s pick is pottery making.
Panelists:
Alice Sowerby
Georg Link
Sean Goggins
Guest:
Divya Mohan
Links:
Meeting Invite for the CHAOSS ISO Standards Meeting
Metric Model: Community Activity
ISO standard for OSS Project Viability (security) draft
Special Guest: Divya Mohan.
96 ตอน