North Bridge and Black Duck published last January their 2016 Future of Open Source Survey Results with a lot of interesting conclusions. Maybe the biggest one it’s that Open Source continue gaining force inside the IT business, but its management is chaotic because the lack of process.
Most common problems related on the survey were:
- Nearly 50% of companies have not formal policy and process for selecting and approving open source code.
- One of the major problems of that is security. 47% don’t have a formal process in place to track the code and only 19% of vulnerabilities are detected and fixed automatically.
- Nearly 1/3 has no process for identifying tracking or solving known open source vulnerabilities.
- Over 1/2 companies has no responsible to identify and tracking remediation.
Software development as processes you can track
Software development is a process that you can track to have entire visibility of what is being done in a project or the contribution of each team player.
When measuring software development in your company, there are three main purposes to use metrics: check on going work, lead process improvement and motivational aspects.
- Check on going work: this helps to understand where the development is right now. To be aware of the status helps to understand how fast things are changing when a new process is in the pipeline.
- Lead process improvement: From a hierarchical way to a flatter way of working, software development needs indicators to help to determine if that process improvement is properly working. And if this is not working, then using another approach or apply other policies.
- Motivational aspects: metrics can help you to improve meritocracy and transparency in your organization. Metrics will let developers know where they are and how their process is working, but also to have some fun within the work and competitions through challenges, hackathons and other measurable activities that lead to a more community-oriented organizations.
How do we track inner source software projects?
We’ve been developing metrics dashboards and consultancy for 5 years for open source projects. We’ve worked for companies such Red Hat or the Linux Foundation and our work with them is always focus on target and measure their goals.
We use Goal-Question-Metric Approach to establish with our clients which metrics are relevant to track the goals they have set up over the process, the code and the motivational aspects.
When analyzing software development projects, there are several areas that can be analyzed. Traditional analysis are focused on code metrics (code quality analysis), while the activity, community and processes are also key components to take into account. We use tools such Grimoire Lab to track different sources of activity around a project.
We are able to track:
- Activity: this component focuses on the basics. Any developer when interacting with the infrastructure of the organization leaves traces of activity. From commits to emails, from tickets activity to code review actions. Measuring activity means quantifying the basic traces left by the developers. And when this information is aggregated and calculated over time, it is possible to obtain trends about this type of information.
- Community: people are key when talking about open source and contribution so we need to measure how people interact with other contributors. Although this is again measured through the traces left by the developers, the analysis proposed are pretty focused on the people and how they build their own social networks. As each developer has her own interests, it is necessary to understand how developers are attracted and retained in a project. What policies are more successful than others when attracting those and who are leaders in the software development process.
- Process: Process can be defined as the bureaucracy followed by the developers to write a piece of code. When you´re inner sourcing, that is, doing open source styled development at your company, process is quite similar to open source communities where code style, documentation, code review process, continuous integration, design meetings are part of this process. The main difference here is how developers directly interact with other developers, even being from different business units, even been far away geographically. That interaction is the one we need to polish and improve if we want to increase the quality and velocity of the development process.
- Code: this aspect of the analysis is probably a well known one and there are several tools to do it. Grimoire Lab is focus on the 3 previous aspects. There are usual metrics that determine the complexity of the code, modularity, test coverage, documentation coverage, and others. What we have when measuring this type of metrics is that we can control where our inner source method is leading those metrics. Increases in the code complexity or less test coverage may indicate unexpected behaviors that should be fixed and controlled.
Online dashboards for monitoring
We offer our clients online dashboards with the metrics we’ve established on a consultancy previous process.
With those, we will be able to have almost real time metrics of the code contributions by channel, time lapse to fix an issue, main contributors on code and on mail lists with the time dimension you chose.
Here you have an example from OPNFV project from Linux Foundation. Please, visit it and grab the metrics you want by yourself.
Our book to learn and to start managing inner source projects
We are writing an open book about how to manage inner source at your company.
We can help you with our metric and dashboards. But, In the meanwhile, please, take a sit and enjoy the lecture and if you are going to OSCON, don’t miss our talk there: Are you succeeding when InnerSourcing? Defining a metrics strategy!!!