Supporting and Assessing

Market Readiness of OW2 Projects

A Progress Report

Cédric Thomas, OW2

FOSDEM, Saturday, February 4, 2017

Community

Governance

Activities

Members

Code Base

OW2Non-Profit Open Source Organization

European and Global

Feb 4, 2017 32016, Cedric Thomas

Feb 4, 2017 42016, Cedric Thomas

Feb 4, 2017 52016, Cedric Thomas

Feb 4, 2017 62016, Cedric Thomas

7

Commercial Open SourceFree Software

Feb 4, 2017 82017, Cedric Thomas

Agenda OSS Projects and the Value Chain

Evaluating Readiness and Maturity

Evaluating Open Source Projects

OW2 OSCAR Approach

Feb 4, 2017 92017, Cedric Thomas

Project categoriesCode to productSupporting market readiness

OSS projects and the value chain

Feb 4, 2017 102017, Cedric Thomas

Community projects

Feb 4, 2017 112017, Cedric Thomas

Enterprise projects

Feb 4, 2017 122017, Cedric Thomas

Collaborative projects

Feb 4, 2017 132017, Cedric Thomas

Software is Code

Feb 4, 2017 142017, Cedric Thomas

What is a Software Product?

Developer Customer

Feb 4, 2017 152017, Cedric Thomas

What makes a Software Product?

Developer Customer

Documentation

Testing

Upgrades Training Etc.

Pricing Contracts Support Expertise

Packaging

162017, Cedric Thomas

Research & Development

Co

deP

OC

sU

se-c

ases

De

mon

stra

tors

Do

cum

enta

tion

Test

ing

Up

grad

esB

ug-f

ixin

gT

rain

ing

Sup

port

Pac

kagi

ngC

ase

stu

dies

Co

llate

ral

Pric

ing

Co

ntra

cts

Ear

ly a

dopt

ers

Etc

.

Pre

dict

abili

tyQ

ualit

yT

rust

Without the code, the rest does not exist,but it's the rest that gives market value to the code

DeliveryChallenge

What creates value?

Market Value

OSS

172017, Cedric Thomas

Research & Development

Co

deP

OC

sU

se-c

ases

De

mon

stra

tors

Do

cum

enta

tion

Ro

adm

apU

pgr

ades

Bug

-fix

ing

Tra

inin

gS

uppo

rtP

acka

ging

Ca

se s

tudi

esC

olla

tera

lP

ricin

gC

ont

ract

sE

arly

ado

pter

sE

tc.

Pre

dict

abili

tyQ

ualit

yT

rust

DeliveryChallenge

Market Value

Who creates value?The ecosystem

ContributorsDistrib. Vendors

Open Source Orgs.

Fiduciary Services Users

Systems Integrators

182017, Cedric Thomas

Research & Development

Co

deP

OC

sU

se-c

ases

De

mon

stra

tors

Do

cum

enta

tion

Ro

adm

apU

pgr

ades

Bug

-fix

ing

Tra

inin

gS

uppo

rtP

acka

ging

Ca

se s

tudi

esC

olla

tera

lP

ricin

gC

ont

ract

sE

arly

ado

pter

sE

tc.

Pre

dict

abili

tyQ

ualit

yT

rust

OW2 is an ecosystem platform that helps create value in open source projects

DeliveryChallengeCollaborative Development Technical Resources

Governance, Projects, Initiatives, Quality Program

Communication, Outreach, Marketplace

OSCAR

Market Value

Supporting market readiness and value creation

192017, Cedric Thomas

Technology Readiness LevelMarket readinessOpen source readiness

Evaluating Readiness and Maturity

202017, Cedric Thomas

NASA/DOD TRL

http

://w

ww

.fra

nki

cham

aki

.co

m/w

p-c

ont

ent/

uplo

ad

s/2

014

/01/

nasa

-trl.

jpg

212017, Cedric Thomas

http

s://s

teve

bla

nk.

files

.wo

rdp

ress

.co

m/2

01

3/11

/irl.j

pg

Investment Readiness Level

222017, Cedric Thomas http

://w

ww

.ndi

a.o

rg/D

ivis

ions

/Div

isio

ns/S

cie

nce

An

dE

ngin

ee

ring

Tech

nol

ogy

/Do

cum

en

ts/C

oyl

e%

20

ND

IA.p

df

232017, Cedric Thomas

QualiPSoOW2 SQuATCII Badge Program

Evaluating Open Source Projects

242017, Cedric Thomas

OSS Analysis LandscapeEU

Col

lab.

Pro

ject

sIn

dust

rySt

anda

rdiz

atio

n bo

dies

IP a

naly

sis

Stat

ic a

naly

sis

Qua

litat

ive

anal

ysis

OW2 OMM forms

Engi

neer

ing

met

rics

CI /

Te

stin

g

Crowd testing

252017, Cedric Thomas

2007: QualiPSo European project

48 months (2007-2010)

22 organisations from 9 countries (3 continents)

It is all about TRUST

Trust cannot be claimed without being proved!!!

QualiPSo aimed at standardising the way OSS systems are built, offered and consumed.

262017, Cedric Thomas

272017, Cedric Thomas

2010: OW2 Software Quality Assurance and Trustworthiness(SQuAT)

IP verification: FOSSology

Applied on all OW2 mature projects

Code verification: Antelink

Provides traceability of external libraries

Static analysis: Sonar

Set of OW2 Sonar rules

Maturity analysis: Qualipso

OMM applied to OW2 projects

282017, Cedric Thomas

PDOC STD QTP LCS ENV DFCT MST CM PP REQM RDMP STK

0

1

2

3

4

3.22

3.75

3.43

43.83

3.71 3.754

3

4

3

3.89

OMM Basic level

Trustworthy elements assessment

Trustworthy elements

Assessed

value

PDOC STD QTP LCS ENV DFCT MST CM PP REQM RDMP STK

0

1

2

3

4

5

6

7

8

9

10

56%

75% 43%100%

83%86%

75%

100%

0%

100%33%

100%

22%

25%

57%

0%

17%0%

25%

0%

100% 0%33%

11%

0%

0%

0%

0%14%

0%

0%

0%

0%33%

0%11%

0%

0%

0%

0%

0%

0%

0%

0%

0%

0%

0%

OMM Basic levelPractices assessment value

4 3 2 1

Trustworthy elements

Assessment

value of practices

OW2 Implementation of the QualiPSo OMM

292017, Cedric Thomas

2012: RISCOSS

CommercialProducts/Services

???

Antepedia

Business Users Integrators

Open source as a public resource freely accessible

But OSS come from very different backgrounds

Exploring and mapping the open source landscape

Need to identify, measure, evaluate existing software

Many tools and online services available

302017, Cedric Thomas

2015: CII Badge Program(Linux Foundation)

Core Infrastructure Initiative (CII)

Launched after the Heartbleed failure

Organized by The Linux Foundation

Supported by Amazon Web Services, Adobe, Bloomberg, Cisco, Dell, Facebook, Fujitsu, Google, Hitachi, HP, Huawei, IBM, Intel, Microsoft, NetApp, NEC, Qualcomm, RackSpace, salesforce.com, and VMware

https://www.coreinfrastructure.org/

David A. Wheeler at OW2con'16

312017, Cedric Thomas

CII BADGE PROGRAM Checklist:

Basics Project website

Project website content

FLOSS License

Documentation

Other

Change control Public version-controlled source repository

Version numbering

Release notes (ChangeLog)

Reporting Bug reporting process

Vulnerability reporting process

Quality Working build system

Automated test suite

New functionality testing

Warning flags

Security Secure development knowledge

Good cryptographic practices

Secured delivery mechanism

Publicly-known vulnerabilities fixed

Analysis Static code analysis

Dynamic analysis

322017, Cedric Thomas

More than just TRLMarket readinessPromotes best practices

OW2 OSCARApproach

332017, Cedric Thomas

OSCAROpen Source Capability Assessment Radar

Requirements

Metrics

Visual Reporting

Risk analysis

OM

M F

orm

Metrics / Scorecards

Documentation

Privacy / GDPR

Standards

Licenses and IP

Fossology

SonarQube

Static code analysis

Code / Commits / Bugs

Testing / CI / Release

Cloud Deployment

OM

M F

orm

Governance Engineering

More to come:- Accessibility- Deployability- Marketing- Funding

Feb 4, 2017 342017, Cedric Thomas

OMM Assessment Web Form

Feb 4, 2017 352017, Cedric Thomas

OMMAssessment

Feb 4, 2017 362017, Cedric Thomas

FOSSologyLicense analysis

Feb 4, 2017 372017, Cedric Thomas

SonarQubeStatic code analysis

Feb 4, 2017 382017, Cedric Thomas

Risk Analysis

Feb 4, 2017 392017, Cedric Thomas

Risk Models

Feb 4, 2017 402017, Cedric Thomas

OSCAR Market Readiness Scorecard

412017, Cedric Thomas

Work in Progress! Market Readiness Level

A type of measurement system used to estimate the market maturity and readyness of a particular project

Rough Code(useless)

Fully Supported Product(useful)

42

www.ow2.orgFor more details please contact Cedric Thomas, OW2 CEO, cedric.thomas@ow2.org

And now let's talkQ&ADisagreementsComplementsFeedbacketc.

Thank You