Explore the challenges and opportunities in measuring open source software project health and sustainability in this conference talk from the CHAOSS project. Delve into the complexities of assessing project risk using CHAOSS metrics, focusing on five key areas: security, code quality, licensing, transparency, and sustainability. Learn about the CHAOSS mission, working groups, and key stakeholders involved in developing risk metrics. Examine the risk framework, including concepts like wargames, trusted devices, and software bill of materials. Gain insights into evaluating code quality, accurate identification, test coverage, and licensing issues. Discover how to assess project sustainability and understand various dimensions of risk in open source projects. Conclude with a discussion on additional risk concerns and an opportunity for questions.
Assessing Project Risk Using CHAOSS Metrics
Overview
Syllabus
Introduction
CHAOSS Mission
CHAOSS Working Groups
Key Stakeholders
Risk Framework
Wargames
Open Source
Trusted Device
Quality of Code
Accurate Identification
Test Coverage
Licensing
Auger
Project Sustainability
Risk Metrics
Software BOM
Dimensions of Risk
Other Risk Concerns
Questions
Taught by
Linux Foundation
