The core of open source is about using, sharing, and collaborating in software creation. With its roots in the free software movement and ensuring the rights of software users, open source has evolved from being solely the work of volunteers and hobbyists to also include the enterprise.
Collaborative software development has taken on a new dimension in the last 5 to 10 years. Today open source makes up 58% of software in the enterprise. In fact, 63% of companies in a 2021 survey indicated wanting to increase their use and engagement with open source.
Open source is everywhere and forms the digital infrastructure we rely on. The US issued a directive mandating more software supply chain security. The European Union is also working on similar legislation and guidelines. To address this challenge, you must understand how open source software is built. The process typically involves an open source project.
Selecting the right metric for your open source project
This article analyzes open source projects built by a community. While there are open source projects with only one maintainer or fully controlled by a company, those are excluded to focus on projects with a community.
The specific focus is on the challenges you may face and how to overcome them.
Community health check
Discovering the health of an open source project and making decisions has been a huge challenge. Our company, Bitergia, has a history of working on this issue for more than 15 years.
The authors are maintainers of the open source GrimoireLab metrics tools, and we're Official Metrics Partners of foundations like OpenInfra and NumFocus. When the interest grew in community health, we co-founded the CHAOSS project in 2017 as a cooperation with the Linux Foundation in collaboration between industry, academia, and open source.
Today, the CHAOSS community has defined more than 70 metrics and maintains software to get the insights you need. This article is a deep dive into these metrics to understand how they are measured.
CHAOSS metrics are divided into five working groups, each with focus areas.
1. Common metrics
- Goal: Understand what contributions organizations and people are making.
- Focus areas: Contributions, time, people, place, and more.
- One example metric: Type of contributions: Measure the types of contributions made.
2. Value metrics
- Goal: Identify the degree to which a project is valuable to researchers and academic institutions.
- Focus areas: Academic value, communal value, individual value, and organizational value.
- Example metric: Project velocity: What is the development speed for an organization?
3. Evolution metrics
- Goal: Aspects related to how the source code changes over time and the project's mechanisms to perform and control those changes.
- Focus areas: Code development activity, code development efficiency, code development process quality, issue resolution, and community growth.
- Example metric: New contributors: How many contributors are making their first contribution to a given project, and who are they?
4. Diversity, equity, and inclusion metrics
- Goal: Identify diversity, equity, and inclusion aspects of communities.
- Focus areas: Event diversity, governance, and leadership in the project and community.
- Example metrics: Time inclusion for virtual events where the organizers are mindful of attendees and speakers in other time zones.
5. Risk metrics
- Goal: Understand how active a community is in supporting a given software package.
- Focus areas: Business risk, code quality, dependency risk assessment, licensing, and security.
- Example metric: Elephant factor: What is the distribution of work in the community?
Build open communities
The Mozilla Foundation released a report in 2019 on the different types of open source projects, showing that each is created for a different reason, has different governance, chooses different licenses, and engages users and other developers to various degrees.
Your community is important, so checking in on it is essential. But what do you do once you've defined what to measure? How do you get the metrics, and once you have them, what do you do with them? The following article discusses the next steps.