SlideShare une entreprise Scribd logo

Health and Sustainability of Open Source Software from a Public Sector Perspective

J
Johan Linåker

Open Source Software (OSS) makes up a critical part of today's digital infrastructure. As with physical infrastructure, its robustness and security depend on how well it is maintained. But how do you know how "well-maintained" and secure an OSS project is? Or what you can do to help? This presentation will shed light on the concept of health and sustainability of OSS projects, how to analyze it, and how to act on it. We will also discuss how this can help public as well as private entities in decisions related to OSS adoption and contributions, and consider how it may, and should, be part of a continuous and proactive security mindset and risk management process.

Technologie
1  sur  26
Télécharger pour lire hors ligne
JOHAN LINÅKER, PHD Health and Sustainability of Open Source Software from a Public Sector Perspective Slide #1 | @johanlinaker
About Johan Slide #2 | @johanlinaker
Open Source Software Sustainability Slide #3 | @johanlinaker • An Open Source Software project’s capability to stay maintained at length without interruption or weakening Photo by Jan Piatkowski | https://unsplash.com/photos/eopz9bkwROs
Open Source Software Health Slide #4 | @johanlinaker • An Open Source Software project’s ability to stay viable over time – Productivity: There is an active development of the project – Robustness: The development is open and spread out on several (independent) individuals – Openness: Users of the project can influence and contribute to the development of the project Photo by Markus Frieauff | https://unsplash.com/photos/IJ0KiXl4uys
Slide #5 | @johanlinaker • Open Source Software makes up a vitale building block in our digital infrastructure • Needs maintenance as with physical infrastructure to stay secure and robust Photo by Modestas Urbonas | https://unsplash.com/photos/vj_9l20fzj0 Open Source Software and our Digital Infrastructure
Slide #6 | @johanlinaker Photo by Modestas Urbonas | https://unsplash.com/photos/vj_9l20fzj0 Open Source Software and our Digital Infrastructure • Recommended reading by Nadia Eghbal – Roads and Bridges – Working in Public: The Making and Maintenance of Open Source Software
Slide #7 | @johanlinaker Photo by @tsjost and XKCD | https://twitter.com/tsjost/status/1295662118113619968 Open Source Software and our Digital Infrastructure
Slide #8 | @johanlinaker • Open Source Software is... – full of, or receptible to, vulnerabilties ready to be exploited – always more secure than proprietary alternatives Photo by Elena Rouame | https://unsplash.com/photos/9JU2CKqtw0M The Dualism of Quality
Example: Heartbleed Slide #9 | @johanlinaker • A bug introduced into the OpenSSL cryptography library • Used in a large part of the world’s connected devices • Introduced in 2012, fixed in 2014 • Enabled access to private identification keys • Was maintained by two individauls at time of introduction while used by (almost) everyone Photo by Alexander Sinn | https://unsplash.com/photos/KgLtFCgfC28
Slide #10 | @johanlinaker • Also known as Linus’ law → • ”Given enough eyeballs, all bugs are shallow” • Requires that enough eyeballs actually reaches the codebase Photo by Frida Bredesen | https://unsplash.com/photos/c1fFv08N7qE The ”Many-Eyes” effect
Slide #11 | @johanlinaker • Maintainers are humans, not robots – Burnout, changed family or working conditions • Companies must adapt to stay competitive – Refactorization, new products, changed business model Photo by NeONBRAND | https://unsplash.com/photos/KYxXMTpTzek Development Resources are Depletable
Slide #12 | @johanlinaker ● Maintainer(s)? ● Developer community? ● User community? ● Individuals vs. Companies vs. Government? Photo by Scott Blake | https://unsplash.com/photos/x-ghf9LjrVg Who’s responsible for ensuring the SW quality?
Slide #13 | @johanlinaker ● Challenged by lack of culture, knowledge and resources ● Acquisition and public procurement key to adoption and development of open source software ● Need for support and direction Photo by Marco Oriolesi | https://unsplash.com/photos/wqLGlhjr6Og Open Source Software in the Public Sector
The OSPO-approach: Example from Italy Slide #14 | @johanlinaker • National and regional competence centers → Government Open Source Program Offices • Law requiring use and release of Open Source Software • Decision model and guidelines for how to evaulate and compare open source software, including: – ”the viability of the open source project, through the assessment of visible indicators on the repository, such as code activity, release history, user community, longevity of the project, number of unique developers.” • See: https://docs.italia.it/italia/developers-italia/gl- acquisition-and-reuse-software-for-pa-docs/en/ stabile/index.html Photo by Mark Tegethoff | https://unsplash.com/photos/l-GmdF7Md0o
The Foundation-approach: Example from Denmark Slide #15 | @johanlinaker Photo by Nick Karvounis | https://unsplash.com/photos/3_ZGrsirryY • OS2 – formal collaboration between majority of Danish municipalities → Government foundation • Projects initiated by one or multiple municipalities, developed through procurement • Ecosystem of 60+ vendors and service suppliers • Established governance and collaboration models for new open source software projects • See: https://os2.eu/
The Network-approach: Example from Sweden Slide #16 | @johanlinaker Photo by Inès d'Anselme | https://unsplash.com/photos/IAe4R_RiB08 • Network for Open Source and Data • Network for public entities sharing knowledge and growing culture on the use and collaboration of open source software and open data • Monthly workshops with 80-120 participants with diverse representation • Software catalouge of open source software used by Swedish public entities • Do what we can we available time and resources • See: https://nosad.se
Health Assessment in Acquisition process Slide #17 | @johanlinaker • Is the project secure, i.e., viable long- term? • Enable comparance between open and closed alternatives Photo by Miguel Teirlinck | https://unsplash.com/photos/UreG3TJEpiQ
Health Assessment of Dependent Projects Slide #18 | @johanlinaker • Identify projects in need of support where health is low or at risk • Proactive risk management and security work • (or just being a good open source citizen) Photo by Miguel Teirlinck | https://unsplash.com/photos/UreG3TJEpiQ
Need for general tools and process support Slide #19 | @johanlinaker • ...criteria that can be used to evaluate software security, include criteria to evaluate the security practices of the developers and suppliers themselves...” • https://www.whitehouse.gov/briefing-room/presidential-actions/ 2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ Photo by Tabrez Syed | https://unsplash.com/photos/dbc9DGSJzKo
CHAOSS – a metric toolbox Slide #20 | @johanlinaker • Community Health Analytics for Open Source Software (CHAOSS) • Framework with metrics for health analysis and assessments • Five focus areas – Value – Risk – Evolution – Diversity and Inclusion – Common • See: https://chaoss.community Photo by Luke Chesser | https://unsplash.com/photos/JKUTrJ4vK00
Slide #21 | @johanlinaker Photo by Bilgin Ibryam | https://monetize.substack.com/p/a-framework-for-open-source-evaluation Need for systamization
A qualitative approach to health assessment Slide #22 | @johanlinaker • Legal – Ownership of copyright, type of license • Governance – Openness for influence and appointment • Accessability – Comunication and development • Diversity – Users and developers • Professionell support – Variety and types of services • Social activity – Comunication and development • Development activity – Technical and non-technical • Quality – Testcases, documentation, process etc. • Based on https://CHAOSS.community and https://www.redhat.com/en/resources/open-source-p roject-health-checklist Photo by JESHOOTS.COM | https://unsplash.com/photos/LtNvQHdKkmw
Lessons Learned from Practice Slide #23 | @johanlinaker • For sourcing and acqusition processes of strategic software – Comprehensive and thorough process – Easy to maintain overview – Qualitative focus – Evaluation support Photo by Belinda Fewings | https://unsplash.com/photos/LtNvQHdKkmw
Final takeaways Slide #24 | @johanlinaker • Health and sustainability of open source software is key to a secure and robust digital infrastructure • Public sector (and everyone else) should consider what responsibility they have in terms of contributing to health of central open source software projects • Public entities need support and direction in how they can use and develop open source software • Health assessment should be integrated as a key practice in public acquisition processes Photo by Omer Sonido | https://unsplash.com/photos/LEMtekMLW4o
Slide #25 | @johanlinaker
Slide #26 | @johanlinaker

Recommandé

Open Source Software - What is it?
Open Source Software - What is it?Open Source Software - What is it?
Open Source Software - What is it?
Johan Linåker
 
mozilla
mozillamozilla
mozilla
webuploader
 
Thoughts on Open Accessibility
Thoughts on Open AccessibilityThoughts on Open Accessibility
Thoughts on Open Accessibility
colinbdclark
 
Civic User Testing Group as a Model in Changing the Relationship Between Gove...
Civic User Testing Group as a Model in Changing the Relationship Between Gove...Civic User Testing Group as a Model in Changing the Relationship Between Gove...
Civic User Testing Group as a Model in Changing the Relationship Between Gove...
Daniel X. O'Neil
 
Appleseed Social Networking
Appleseed Social NetworkingAppleseed Social Networking
Appleseed Social Networking
FSCONS
 
Technologies for Free Culture World Domination Workshop 2007-06-17
Technologies for Free Culture World Domination Workshop 2007-06-17Technologies for Free Culture World Domination Workshop 2007-06-17
Technologies for Free Culture World Domination Workshop 2007-06-17
Mike Linksvayer
 
IWMW 2002: open source sofware debate: kelly
IWMW 2002: open source sofware debate: kellyIWMW 2002: open source sofware debate: kelly
IWMW 2002: open source sofware debate: kelly
IWMW
 
Data Science: History repeated? – The heritage of the Free and Open Source GI...
Data Science: History repeated? – The heritage of the Free and Open Source GI...Data Science: History repeated? – The heritage of the Free and Open Source GI...
Data Science: History repeated? – The heritage of the Free and Open Source GI...
Peter Löwe
 

Recommandé

Open Source Software - What is it?
Open Source Software - What is it?Open Source Software - What is it?
Open Source Software - What is it?
Johan Linåker
 
mozilla
mozillamozilla
mozilla
webuploader
 
Thoughts on Open Accessibility
Thoughts on Open AccessibilityThoughts on Open Accessibility
Thoughts on Open Accessibility
colinbdclark
 
Civic User Testing Group as a Model in Changing the Relationship Between Gove...
Civic User Testing Group as a Model in Changing the Relationship Between Gove...Civic User Testing Group as a Model in Changing the Relationship Between Gove...
Civic User Testing Group as a Model in Changing the Relationship Between Gove...
Daniel X. O'Neil
 
Appleseed Social Networking
Appleseed Social NetworkingAppleseed Social Networking
Appleseed Social Networking
FSCONS
 
Technologies for Free Culture World Domination Workshop 2007-06-17
Technologies for Free Culture World Domination Workshop 2007-06-17Technologies for Free Culture World Domination Workshop 2007-06-17
Technologies for Free Culture World Domination Workshop 2007-06-17
Mike Linksvayer
 
IWMW 2002: open source sofware debate: kelly
IWMW 2002: open source sofware debate: kellyIWMW 2002: open source sofware debate: kelly
IWMW 2002: open source sofware debate: kelly
IWMW
 
Data Science: History repeated? – The heritage of the Free and Open Source GI...
Data Science: History repeated? – The heritage of the Free and Open Source GI...Data Science: History repeated? – The heritage of the Free and Open Source GI...
Data Science: History repeated? – The heritage of the Free and Open Source GI...
Peter Löwe
 
Social media based dissemination strategies for managers of LLP projects
Social media based dissemination strategies for managers of LLP projectsSocial media based dissemination strategies for managers of LLP projects
Social media based dissemination strategies for managers of LLP projects
Web2Learn
 
Social media based dissemination strategies for Erarmus project managers
Social media based dissemination strategies for Erarmus project managersSocial media based dissemination strategies for Erarmus project managers
Social media based dissemination strategies for Erarmus project managers
Web2Learn
 
Social media based dissemination strategies for Erarmus project managers
Social media based dissemination strategies for Erarmus project managersSocial media based dissemination strategies for Erarmus project managers
Social media based dissemination strategies for Erarmus project managers
Web2LLP
 
Social media and researchers: Josipa Crnic Deakin University
Social media and researchers: Josipa Crnic Deakin University Social media and researchers: Josipa Crnic Deakin University
Social media and researchers: Josipa Crnic Deakin University
therese nolan-brown
 
Open Goverment Data: Insights from the International Open Goverment Data Conf...
Open Goverment Data: Insights from the International Open Goverment Data Conf...Open Goverment Data: Insights from the International Open Goverment Data Conf...
Open Goverment Data: Insights from the International Open Goverment Data Conf...
Institute for Health Metrics and Evaluation - University of Washington
 
7th I.S.L.E meeting: WP8 Dissemination
7th I.S.L.E meeting: WP8 Dissemination7th I.S.L.E meeting: WP8 Dissemination
7th I.S.L.E meeting: WP8 Dissemination
ISLE Network
 
COBWEB End of Summer 2015 Co-Design Projects Celebration
COBWEB End of Summer 2015 Co-Design Projects CelebrationCOBWEB End of Summer 2015 Co-Design Projects Celebration
COBWEB End of Summer 2015 Co-Design Projects Celebration
EDINA, University of Edinburgh
 
End of COBWEB Co-Design Projects Celebration
End of COBWEB Co-Design Projects Celebration End of COBWEB Co-Design Projects Celebration
End of COBWEB Co-Design Projects Celebration
EDINA, University of Edinburgh
 
02 20141210 beyond_dm2_e_sustainable_digital_services_chambers_v2
02 20141210 beyond_dm2_e_sustainable_digital_services_chambers_v202 20141210 beyond_dm2_e_sustainable_digital_services_chambers_v2
02 20141210 beyond_dm2_e_sustainable_digital_services_chambers_v2
Digitised Manuscripts to Europeana
 
Designing a second generation of open data platforms
Designing a second generation of open data platformsDesigning a second generation of open data platforms
Designing a second generation of open data platforms
Yannis Charalabidis
 
Open daylight a_year_in_the_life_2014.10.08
Open daylight a_year_in_the_life_2014.10.08Open daylight a_year_in_the_life_2014.10.08
Open daylight a_year_in_the_life_2014.10.08
Christopher Price
 
Hackathon for health, assisted living, social care and communities nov 2015
Hackathon for health, assisted living, social care and communities nov 2015Hackathon for health, assisted living, social care and communities nov 2015
Hackathon for health, assisted living, social care and communities nov 2015
esben1962
 
Environmental data at your fingertips - mmea.fi
Environmental data at your fingertips - mmea.fiEnvironmental data at your fingertips - mmea.fi
Environmental data at your fingertips - mmea.fi
CLEEN_Ltd
 
Hymes presentation
Hymes presentationHymes presentation
Hymes presentation
jmjenna
 
Cities for eCitezens: Making eDemocracy Projects Work
Cities for eCitezens: Making eDemocracy Projects WorkCities for eCitezens: Making eDemocracy Projects Work
Cities for eCitezens: Making eDemocracy Projects Work
EGAP Program
 
Crowdsourcing Innovation: the role of UX
Crowdsourcing Innovation: the role of UXCrowdsourcing Innovation: the role of UX
Crowdsourcing Innovation: the role of UX
johanna kollmann
 
Mobile Age: Open Data Mobile Apps to Support Independent Living
Mobile Age: Open Data Mobile Apps to Support Independent LivingMobile Age: Open Data Mobile Apps to Support Independent Living
Mobile Age: Open Data Mobile Apps to Support Independent Living
Mobile Age Project
 
Social Network Analysis with NodeXL Part 1
Social Network Analysis with NodeXL Part 1Social Network Analysis with NodeXL Part 1
Social Network Analysis with NodeXL Part 1
Dr Wasim Ahmed
 
Better Software, Better Practices, Better Research
Better Software, Better Practices, Better ResearchBetter Software, Better Practices, Better Research
Better Software, Better Practices, Better Research
Shoaib Sufi
 
A Recipe for Sustainable Software
A Recipe for Sustainable SoftwareA Recipe for Sustainable Software
A Recipe for Sustainable Software
Philip Bourne
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
apidays
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
Khem
 

Contenu connexe

Similaire à Health and Sustainability of Open Source Software from a Public Sector Perspective

Social media based dissemination strategies for Erarmus project managers
Social media based dissemination strategies for Erarmus project managersSocial media based dissemination strategies for Erarmus project managers
Social media based dissemination strategies for Erarmus project managers
Web2LLP
 
Hymes presentation
Hymes presentationHymes presentation
Hymes presentation
jmjenna
 
Mobile Age: Open Data Mobile Apps to Support Independent Living
Mobile Age: Open Data Mobile Apps to Support Independent LivingMobile Age: Open Data Mobile Apps to Support Independent Living
Mobile Age: Open Data Mobile Apps to Support Independent Living
Mobile Age Project
 

Similaire à Health and Sustainability of Open Source Software from a Public Sector Perspective (20)

Social media based dissemination strategies for managers of LLP projects
Social media based dissemination strategies for managers of LLP projectsSocial media based dissemination strategies for managers of LLP projects
Social media based dissemination strategies for managers of LLP projects
 
Social media based dissemination strategies for Erarmus project managers
Social media based dissemination strategies for Erarmus project managersSocial media based dissemination strategies for Erarmus project managers
Social media based dissemination strategies for Erarmus project managers
 
Social media based dissemination strategies for Erarmus project managers
Social media based dissemination strategies for Erarmus project managersSocial media based dissemination strategies for Erarmus project managers
Social media based dissemination strategies for Erarmus project managers
 
Social media and researchers: Josipa Crnic Deakin University
Social media and researchers: Josipa Crnic Deakin University Social media and researchers: Josipa Crnic Deakin University
Social media and researchers: Josipa Crnic Deakin University
 
Open Goverment Data: Insights from the International Open Goverment Data Conf...
Open Goverment Data: Insights from the International Open Goverment Data Conf...Open Goverment Data: Insights from the International Open Goverment Data Conf...
Open Goverment Data: Insights from the International Open Goverment Data Conf...
 
7th I.S.L.E meeting: WP8 Dissemination
7th I.S.L.E meeting: WP8 Dissemination7th I.S.L.E meeting: WP8 Dissemination
7th I.S.L.E meeting: WP8 Dissemination
 
COBWEB End of Summer 2015 Co-Design Projects Celebration
COBWEB End of Summer 2015 Co-Design Projects CelebrationCOBWEB End of Summer 2015 Co-Design Projects Celebration
COBWEB End of Summer 2015 Co-Design Projects Celebration
 
End of COBWEB Co-Design Projects Celebration
End of COBWEB Co-Design Projects Celebration End of COBWEB Co-Design Projects Celebration
End of COBWEB Co-Design Projects Celebration
 
02 20141210 beyond_dm2_e_sustainable_digital_services_chambers_v2
02 20141210 beyond_dm2_e_sustainable_digital_services_chambers_v202 20141210 beyond_dm2_e_sustainable_digital_services_chambers_v2
02 20141210 beyond_dm2_e_sustainable_digital_services_chambers_v2
 
Designing a second generation of open data platforms
Designing a second generation of open data platformsDesigning a second generation of open data platforms
Designing a second generation of open data platforms
 
Open daylight a_year_in_the_life_2014.10.08
Open daylight a_year_in_the_life_2014.10.08Open daylight a_year_in_the_life_2014.10.08
Open daylight a_year_in_the_life_2014.10.08
 
Hackathon for health, assisted living, social care and communities nov 2015
Hackathon for health, assisted living, social care and communities nov 2015Hackathon for health, assisted living, social care and communities nov 2015
Hackathon for health, assisted living, social care and communities nov 2015
 
Environmental data at your fingertips - mmea.fi
Environmental data at your fingertips - mmea.fiEnvironmental data at your fingertips - mmea.fi
Environmental data at your fingertips - mmea.fi
 
Hymes presentation
Hymes presentationHymes presentation
Hymes presentation
 
Cities for eCitezens: Making eDemocracy Projects Work
Cities for eCitezens: Making eDemocracy Projects WorkCities for eCitezens: Making eDemocracy Projects Work
Cities for eCitezens: Making eDemocracy Projects Work
 
Crowdsourcing Innovation: the role of UX
Crowdsourcing Innovation: the role of UXCrowdsourcing Innovation: the role of UX
Crowdsourcing Innovation: the role of UX
 
Mobile Age: Open Data Mobile Apps to Support Independent Living
Mobile Age: Open Data Mobile Apps to Support Independent LivingMobile Age: Open Data Mobile Apps to Support Independent Living
Mobile Age: Open Data Mobile Apps to Support Independent Living
 
Social Network Analysis with NodeXL Part 1
Social Network Analysis with NodeXL Part 1Social Network Analysis with NodeXL Part 1
Social Network Analysis with NodeXL Part 1
 
Better Software, Better Practices, Better Research
Better Software, Better Practices, Better ResearchBetter Software, Better Practices, Better Research
Better Software, Better Practices, Better Research
 
A Recipe for Sustainable Software
A Recipe for Sustainable SoftwareA Recipe for Sustainable Software
A Recipe for Sustainable Software
 

Dernier

Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 

Dernier (20)

Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 

Health and Sustainability of Open Source Software from a Public Sector Perspective

  • 1. JOHAN LINÅKER, PHD Health and Sustainability of Open Source Software from a Public Sector Perspective Slide #1 | @johanlinaker
  • 2. About Johan Slide #2 | @johanlinaker
  • 3. Open Source Software Sustainability Slide #3 | @johanlinaker • An Open Source Software project’s capability to stay maintained at length without interruption or weakening Photo by Jan Piatkowski | https://unsplash.com/photos/eopz9bkwROs
  • 4. Open Source Software Health Slide #4 | @johanlinaker • An Open Source Software project’s ability to stay viable over time – Productivity: There is an active development of the project – Robustness: The development is open and spread out on several (independent) individuals – Openness: Users of the project can influence and contribute to the development of the project Photo by Markus Frieauff | https://unsplash.com/photos/IJ0KiXl4uys
  • 5. Slide #5 | @johanlinaker • Open Source Software makes up a vitale building block in our digital infrastructure • Needs maintenance as with physical infrastructure to stay secure and robust Photo by Modestas Urbonas | https://unsplash.com/photos/vj_9l20fzj0 Open Source Software and our Digital Infrastructure
  • 6. Slide #6 | @johanlinaker Photo by Modestas Urbonas | https://unsplash.com/photos/vj_9l20fzj0 Open Source Software and our Digital Infrastructure • Recommended reading by Nadia Eghbal – Roads and Bridges – Working in Public: The Making and Maintenance of Open Source Software
  • 7. Slide #7 | @johanlinaker Photo by @tsjost and XKCD | https://twitter.com/tsjost/status/1295662118113619968 Open Source Software and our Digital Infrastructure
  • 8. Slide #8 | @johanlinaker • Open Source Software is... – full of, or receptible to, vulnerabilties ready to be exploited – always more secure than proprietary alternatives Photo by Elena Rouame | https://unsplash.com/photos/9JU2CKqtw0M The Dualism of Quality
  • 9. Example: Heartbleed Slide #9 | @johanlinaker • A bug introduced into the OpenSSL cryptography library • Used in a large part of the world’s connected devices • Introduced in 2012, fixed in 2014 • Enabled access to private identification keys • Was maintained by two individauls at time of introduction while used by (almost) everyone Photo by Alexander Sinn | https://unsplash.com/photos/KgLtFCgfC28
  • 10. Slide #10 | @johanlinaker • Also known as Linus’ law → • ”Given enough eyeballs, all bugs are shallow” • Requires that enough eyeballs actually reaches the codebase Photo by Frida Bredesen | https://unsplash.com/photos/c1fFv08N7qE The ”Many-Eyes” effect
  • 11. Slide #11 | @johanlinaker • Maintainers are humans, not robots – Burnout, changed family or working conditions • Companies must adapt to stay competitive – Refactorization, new products, changed business model Photo by NeONBRAND | https://unsplash.com/photos/KYxXMTpTzek Development Resources are Depletable
  • 12. Slide #12 | @johanlinaker ● Maintainer(s)? ● Developer community? ● User community? ● Individuals vs. Companies vs. Government? Photo by Scott Blake | https://unsplash.com/photos/x-ghf9LjrVg Who’s responsible for ensuring the SW quality?
  • 13. Slide #13 | @johanlinaker ● Challenged by lack of culture, knowledge and resources ● Acquisition and public procurement key to adoption and development of open source software ● Need for support and direction Photo by Marco Oriolesi | https://unsplash.com/photos/wqLGlhjr6Og Open Source Software in the Public Sector
  • 14. The OSPO-approach: Example from Italy Slide #14 | @johanlinaker • National and regional competence centers → Government Open Source Program Offices • Law requiring use and release of Open Source Software • Decision model and guidelines for how to evaulate and compare open source software, including: – ”the viability of the open source project, through the assessment of visible indicators on the repository, such as code activity, release history, user community, longevity of the project, number of unique developers.” • See: https://docs.italia.it/italia/developers-italia/gl- acquisition-and-reuse-software-for-pa-docs/en/ stabile/index.html Photo by Mark Tegethoff | https://unsplash.com/photos/l-GmdF7Md0o
  • 15. The Foundation-approach: Example from Denmark Slide #15 | @johanlinaker Photo by Nick Karvounis | https://unsplash.com/photos/3_ZGrsirryY • OS2 – formal collaboration between majority of Danish municipalities → Government foundation • Projects initiated by one or multiple municipalities, developed through procurement • Ecosystem of 60+ vendors and service suppliers • Established governance and collaboration models for new open source software projects • See: https://os2.eu/
  • 16. The Network-approach: Example from Sweden Slide #16 | @johanlinaker Photo by Inès d'Anselme | https://unsplash.com/photos/IAe4R_RiB08 • Network for Open Source and Data • Network for public entities sharing knowledge and growing culture on the use and collaboration of open source software and open data • Monthly workshops with 80-120 participants with diverse representation • Software catalouge of open source software used by Swedish public entities • Do what we can we available time and resources • See: https://nosad.se
  • 17. Health Assessment in Acquisition process Slide #17 | @johanlinaker • Is the project secure, i.e., viable long- term? • Enable comparance between open and closed alternatives Photo by Miguel Teirlinck | https://unsplash.com/photos/UreG3TJEpiQ
  • 18. Health Assessment of Dependent Projects Slide #18 | @johanlinaker • Identify projects in need of support where health is low or at risk • Proactive risk management and security work • (or just being a good open source citizen) Photo by Miguel Teirlinck | https://unsplash.com/photos/UreG3TJEpiQ
  • 19. Need for general tools and process support Slide #19 | @johanlinaker • ...criteria that can be used to evaluate software security, include criteria to evaluate the security practices of the developers and suppliers themselves...” • https://www.whitehouse.gov/briefing-room/presidential-actions/ 2021/05/12/executive-order-on-improving-the-nations-cybersecurity/ Photo by Tabrez Syed | https://unsplash.com/photos/dbc9DGSJzKo
  • 20. CHAOSS – a metric toolbox Slide #20 | @johanlinaker • Community Health Analytics for Open Source Software (CHAOSS) • Framework with metrics for health analysis and assessments • Five focus areas – Value – Risk – Evolution – Diversity and Inclusion – Common • See: https://chaoss.community Photo by Luke Chesser | https://unsplash.com/photos/JKUTrJ4vK00
  • 21. Slide #21 | @johanlinaker Photo by Bilgin Ibryam | https://monetize.substack.com/p/a-framework-for-open-source-evaluation Need for systamization
  • 22. A qualitative approach to health assessment Slide #22 | @johanlinaker • Legal – Ownership of copyright, type of license • Governance – Openness for influence and appointment • Accessability – Comunication and development • Diversity – Users and developers • Professionell support – Variety and types of services • Social activity – Comunication and development • Development activity – Technical and non-technical • Quality – Testcases, documentation, process etc. • Based on https://CHAOSS.community and https://www.redhat.com/en/resources/open-source-p roject-health-checklist Photo by JESHOOTS.COM | https://unsplash.com/photos/LtNvQHdKkmw
  • 23. Lessons Learned from Practice Slide #23 | @johanlinaker • For sourcing and acqusition processes of strategic software – Comprehensive and thorough process – Easy to maintain overview – Qualitative focus – Evaluation support Photo by Belinda Fewings | https://unsplash.com/photos/LtNvQHdKkmw
  • 24. Final takeaways Slide #24 | @johanlinaker • Health and sustainability of open source software is key to a secure and robust digital infrastructure • Public sector (and everyone else) should consider what responsibility they have in terms of contributing to health of central open source software projects • Public entities need support and direction in how they can use and develop open source software • Health assessment should be integrated as a key practice in public acquisition processes Photo by Omer Sonido | https://unsplash.com/photos/LEMtekMLW4o
  • 25. Slide #25 | @johanlinaker
  • 26. Slide #26 | @johanlinaker