
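Content provided by CHAOSS Project. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by CHAOSS Project or its podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://ko.player.fm/legal.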

Episode 84: Community Viability - how Verizon thinks about OSS risk

34:46
 

Thank you to the folks at Sustain for providing the hosting account for CHAOSScast!

CHAOSScast – Episode 84

In this episode of CHAOSScast, Dawn Foster, Matt Germonprez, Alice Sowerby, and guest Gary White, Principal Engineer at Verizon’s OSPO office, delve into the world of viability metrics models developed for assessing the risks associated with using open source software components. Gary explains the creation process of these models, their application within Verizon for software evaluation, and the significance of engaging with the open source community to enhance project viability. The conversations also explore the challenges and considerations in deploying these metrics within organizations, emphasizing the blend of policy enforcement and cultural influence to manage open source software dependencies effectively. Press download now to hear more!

[00:02:30] Dawn asks Gary to elaborate on the choice of Verizon for the viability metrics models. He explains the creation of the first four metrics models for assessing risks in open source software components, and the development of a fifth model to simplify the original four. Also, he explains the importance of being quantitative about software library choices, influenced by a research paper from Carnegie Mellon and existing CHAOSS metrics.

[00:05:16] Gary mentions using Augur for metrics collection at Verizon and the benefits of tracking with CHAOSS tools.

[00:06:27] Matt asks Gary to provide an example of a metric used in the governance model, and he talks about the Libyears metric, which helps understand the total years behind all dependencies of a component, reflecting the risk associated with aging dependencies.

[00:07:50] Alice wonders about the “happy region” for the Libyears metric and its implications on risk assessment.

[00:09:25] Dawn asks Gary to discuss how these metrics are utilized at Verizon. He describes using these metrics to evaluate the viability of software at Verizon, including different use cases and dependency risks.

[00:11:39] Alice explores how Gary considers the context in which components are used when calculating risk.

[00:13:24] Matt asks about the process of engaging with the metrics models within the organization. Gary explains that the approach depends on several factors, such as the severity of the finding, buy-in from the organization, and the organizational structure of the OSPO, and details the use of specific resources such as endoflife.date.

[00:18:07] Gary outlines how Verizon integrates risk management frameworks with organizational tools like dashboards to disseminate collected data and foster buy-in for automated systems.

[00:21:16] Alice asks Gary for advice on engaging with open source communities when viability metrics indicate potential issues. Gary highlights the importance of community and governance metrics in driving organizational support for critical open source projects.

[00:22:43] Gary shares his experience in the CHAOSS group, emphasizing the value of diverse opinions in developing and validating viability metrics models.

[00:24:33] Dawn highlights the significance of the discussions on viability and risk in the OSPO working group, emphasizing how these are critical concerns for OSPO leaders.

[00:25:24] Dawn inquires about how Verizon uses CHAOSS metrics beyond viability assessment, particularly in open source management. Gary discusses leveraging CHAOSS metrics across various teams to judge component use and risk profiles and explains Verizon’s approach to using metrics involving both an educational component and a policy component.

[00:27:33] Gary talks about the ongoing efforts to integrate and optimize the Augur system at Verizon, acknowledges Sean Goggins for his assistance, and expresses a desire to contribute back to the community and to explore new metrics to trace and predict significant events in the open source ecosystem.

Value Adds (Picks) of the week:
[00:30:29] Dawn’s pick is going on an Afternoon Tea London Sightseeing Bus Tour with friends.
[00:31:07] Matt’s pick is reflecting on the value of attending conferences and meeting people.
[00:32:10] Gary’s pick is the support from the Augur team, attending conferences, and meeting people.
[00:32:51] Alice’s pick is attending OSSNA in Seattle.

Panelists:
Dawn Foster
Matt Germonprez
Alice Sowerby

Guest:
Gary White

Links:

CHAOSS

CHAOSS Project X/Twitter

CHAOSScast Podcast

podcast@chaoss.community

Dawn Foster X/Twitter

Matt Germonprez X/Twitter

Alice Sowerby LinkedIn

Gary White LinkedIn

“We Feel Like We’re Winging It”: A Study on Navigating Open Source Dependency Abandonment (ACM Digital Library)

Libyears

endoflife.date

CHAOSS-Topics: All Metrics Models

CHAOSS-OSS Project Viability Starter

CHAOSS-Augur NEW Release v0.63.3

Classic Afternoon Tea London Sightseeing Bus Tour

Open Source Summit North America 2024 Seattle

Special Guest: Gary White.

Support CHAOSScast
