In this lightning talk, we would like to share our experience, vision and methodology regarding today's challenge of improving the quality of open source software.
With the increasing success of OSS and, in parallel, the advent of OSS quality failures such as Heartbleed, interest in models and tools able to measure and improve the quality of open-source software is growing.
This presentation will introduce:
- the OSCAR model, a new quality model for assessing open-source software (OSCAR stands for Open-source Software Capability Assessment Round-up), sustained by the OW2 Consortium. We will explain how it differs from other models and we will present the model's status and roadmap.
- the OSCAR platform, an open-source umbrella project implementing the OSCAR model by combining several open-source quality tools such as SonarQube, Fossology, ScanCode, Spago4Q, and outcomes from the RISCOSS European collaborative project. We will show how this platform is used for continuously assessing the quality of the OW2 projects.
In this lightning talk, we would like to share our experience, vision and methodology regarding today's challenge of improving the quality of open source software.
Software is eating the world and open source licenses are eating software. As a result, OSS is present in nearly all the electronic systems we interact with daily, such as communication devices, cars, trains, healthcare systems and entertainment environments. The quality of the OSS components we use and produce is therefore becoming progressively as important as the quality of the air we breathe.
With the increasing success of OSS and, in parallel, the advent of OSS quality failures such as Heartbleed, interest in models and tools able to measure and improve the quality of open-source software is growing.
Inspired by, among others, the SEI Capability Maturity Model, several models and tools have been created in the last 20 years for describing and analyzing the quality of open-source software. These models aim at capturing both the general software engineering quality drivers of the analysed projects and, more specifically, their open-source related aspects: in particular their governance (IP and community management), their openness and activeness levels, and their compliance with standards. Among the best-known initiatives are the Qualipso Open Maturity Model, the Qualification and Selection of Open Source software methodology, the Software Sustainability Maturity Model (OSS Watch), the NASA Reuse Readiness Levels, and the PolarSys Maturity Assessment model. More recently, the Linux Foundation has launched the "Badge Program" project for drafting a new quality model for open-source software. Simultaneously, the growing number of companies developing a business in assessing the quality and the vulnerabilities of OSS shows the importance of the topic for the whole economy.
The existing models raise several questions:
- first of all, these models do not always follow the same pace as the IT world: several models were drafted in a pre-cloud, pre-DevOps, pre-Heartbleed era and do not cover important aspects of modern OSS such as the ability to easily deploy a project into one or several cloud environments.
- second, the models generally do not provide a reference implementation for feeding the data with open-source software and for providing both high-level and detailed quality analysis.
- third, while it's easy to get a general consensus on software quality, divergences can appear when going into the details and attributing weights to the criteria, hence a need for a flexible model.
This lightning talk will introduce:
- the OSCAR model, a new quality model for assessing open-source software (OSCAR stands for Open-source Software Capability Assessment Round-up), sustained by the OW2 Consortium. We will explain how it differs from other models and we will present the model's status and roadmap.
- the OSCAR platform, an open-source umbrella project implementing the OSCAR model by combining several open-source quality tools such as SonarQube, Fossology, ScanCode, Spago4Q, and outcomes from the RISCOSS European collaborative project. We will show how this platform is used for continuously assessing the quality of the OW2 projects.