OMM BPC cross-analysis
OMM sections
- PDOC: Project documentation
- STD: Use of Established and Widespread Standards
- QTP: Quality of the Testing Process
- LCS: Licenses and IP
- ENV: Software Environment
- DFCT: Commits and bug reports
- MST: Maintainability and Stability
- CM: Configuration/Version Management
- PP: Project Planning
- REQM: Requirements Management
- RDMP: Roadmap
- STK: Stakeholders
- CLD: Cloud Deployment
Cross-analysis
OMM | MISS | PDOC | STD | QTP | LCS | ENV | DFCT | MST | CM | REQM | RDMP | STK | CLD | ||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Best Practices Criteria | |||||||||||||||
MISS | X | X | X | X | X | ||||||||||
Basics | Project website | X | |||||||||||||
Basic project website content | X | ||||||||||||||
FLOSS license | X | X | |||||||||||||
Documentation | X | ||||||||||||||
Other:
| |||||||||||||||
Change control | Public version-controlled source repository | X | |||||||||||||
Version numbering |
| X | |||||||||||||
Release notes (ChangeLog) |
| X | |||||||||||||
Reporting | Bug reporting process | X | |||||||||||||
Vulnerability reporting process | X | ||||||||||||||
Quality | Working build system | X | |||||||||||||
Automated test suite | X | ||||||||||||||
New functionality testing | X | ||||||||||||||
Warning flags | X | ||||||||||||||
Security | Secure development knowledge | X | |||||||||||||
Good cryptographic practices | X | ||||||||||||||
Secured delivery mechanism | X | ||||||||||||||
Publicly known vulnerabilities fixed | X | ||||||||||||||
Other security issues | X | ||||||||||||||
Analysis | Static code analysis |
| |||||||||||||
Dynamic analysis | X | ||||||||||||||
Future | Installation | ||||||||||||||
Reproducible build | X | ||||||||||||||
Crypto network | X | ||||||||||||||
Crypto certificate | X | ||||||||||||||
Hardening | X |
OMM
Project Documentation
Purpose: Develop and maintain project documentation, making it readily accessible to the community
Asset documentation | Documentation related to assets need to be provided and properly maintained. Access needs to be provided for the community and relevant stakeholders. | |
---|---|---|
PDOC-1.1 | Does the project create a development documentation? |
|
PDOC-1.2 | Does the project create user documentation? |
|
PDOC-1.3 | Does the project create generic documentation? |
|
Documentation maintenance | ||
PDOC-2.1 | Does the project provide a documentation system? |
|
PDOC-2.2 | Does the project maintain the documentation based on the collected user feedback? |
|
Documentation improvement | Quality and scope of the project and asset documentation should be continuously improved. | |
PDOC-3.1 | Does the project have a documentation roadmap? | Check the availability of documentation aspects in the roadmap of the project|Ensure that the documentation is appropriate for the version of the product |
PDOC-3.2 | Does the project improve documentation through support of several natural languages? | Check the availability of the documentation in different languages |
PDOC-3.3 | Does the project improve intrinsic quality of documentation? | Check if the documentation is better than before |
PDOC-3.4 | Improve documents based on feedback and on evaluation | Check “Change History” of documents for improvements based on feedback from users or evaluation |
Use of Established and Widespread Standards
Purpose: Promote the use and implementation of Open Standards for product and process
Use of open standards | ||
---|---|---|
STD-1.1 | Does the project implement widely accepted open product standards? | Look for implementation of open standards in the area of:
|
STD-1.2 | Does the project implements standards certified by FLOSS-supporting certification entities? | The project implements standards proposed by the following certification entities: IETF, IEEE, OASIS, W3C, Free Standards Group, other FLOSS supporting entities |
STD-1.3 | Does the project identify clearly the standards relevant to the product? | |
Strategic independence | To ensure the sustained viability of a project and to improve interoperability with other projects, measures should be taken to make assets and processes independent of proprietary solutions. | |
STD-2.1 | Does the project ensure independence from specific technologies? |
|
Quality of the Testing Process|Purpose: Provide and implement a high quality testing process
Quality of the test plan | ||
---|---|---|
QTP-1.1 | Does the project ensure that the test plan covers functional testing? | |
QTP-1.2 | Does the project ensure that the test plan covers non-functional testing (as demanded by the project; see below)? |
|
QTP-1.3 | Does the project ensure that the test plan covers different testing approaches? |
|
QTP-1.4 | Does the project define test cases and testing criteria? |
|
Managed testing process | ||
QTP-2.1 | Does the project conduct tests in regular intervals according to plan? |
|
QTP-2.2 | Does the project ensure that the test results are documented and available? |
|
Testing process improvement | The following objectives aim on helping projects to continuously improve their test processes. | |
QTP-3.1 | Does the project include test cases, test results and consider comments from stakeholders of the FLOSS project? |
|
Licenses, Copyright and IP Management
Purpose: Ensure the project has appropriate intellectual property policy, selects appropriate licenses and copyrights and manage them satisfactorily. The text in this section does not constitute legal advice. It is important to make clear what licenses we are talking about or more precisely what components need to be taken into account. It is not just the components "in the repository" (or "in the source folders or archives"). One has to look at libraries, and the components the software will be linked to.
Asset license management | ||
---|---|---|
LCS-1.1 | Has the project evaluated available choices against licenses already used inside the FLOSS project, or the license strategy/policy inside the company when choosing its license? | For communities:
For integrators policy/strategy:
|
LCS-1.2 | Does the project clearly manage its licensing conditions? | The project clearly displays a license notice on its website.|The complete license text is available with the product.|Licensing conditions and their implications are unambiguously described. In particular for purposes of software integration and further linking to other products / components.|All files have a license explicitly stated at each file (otherwise at file level it is difficult to decide whether a files does not have a license or if the license is inherited from the project). Number of files with no explicitly listed license/modules (evolution ratio). |
Copyright management and management of intellectual property | ||
LCS-2.1 | Has the project selected appropriate copyright and IP policy? |
|
LCS-2.2 | Does the project clearly manage its copyright and IP policy? |
|
Improved diffusion of FLOSS | ||
LCS-3.1 | Ensure that the product does not contain or use components that are not distributed under a FLOSS license (and the licenses of the components need to be compatible) | |
LCS-3.2 | The license(s) is(are) endorsed by the OSI (http://www.opensource.org/licenses) |
ENV: Environment
Purpose: Provide development resources such as operating system, language compilers, development tools, communication tools, ideally all tools should be FLOSS-compliant and interoperable
Provisioning of development resources and infrastructure | ||
---|---|---|
ENV-1.1 | Does the project ensure availability of software tools and environment required for development? |
|
ENV-1.2 | Does the project ensure availability of methodologies required for development? |
|
ENV-1.3 | Are there integrated management and communication tools used by the project (select the tool relevant to the project, see examples below)? | BlueFish|Anjuta|Glade|GCC|Kdevelop|GDB|KompoZer|Eclipse|The project is well integrated in important forges |
Continuous maintenance of the project environment | ||
ENV-2.1 | Can users suggest modifications to the environment? |
|
ENV-2.2 | Does the project maintain the development environment corresponding to each maintained FLOSS version? | list of tools used for a version and the tools themselves |
Encouragement to use FLOSS tools | ||
ENV-3.1 | Does the project gradually phase out commercial development resources and tools in favour of FLOSS equivalents? |
|
Maintenance of defects, commits, and other contributions
Purpose: Specifically analyze the activity related to source code commits and bug reports provided to the project
Asset maintenance | ||
---|---|---|
DFCT-1.1 | Does the project implement good FLOSS maintenance practices? |
|
DFCT-1.2 | Does the project maintain the most often used older versions of the product? |
|
Environment for contribution of bug reports and commits | ||
DFCT-2.1 | Does the project provide a standardized and well-documented contributing mechanism? | Corrections to source code and new code can be contributed easily|Bug reports can be contributed easily|Corrections to documentation can be contributed easily|Suggestions for new features can be contributed easily|The defect reporting system is well aligned with the development environment |
Management of contributions, commits, and bug reports | ||
DFCT-3.1 | Does the project manage the defect reports? |
|
DFCT-3.2 | Does the project create and maintain a data repository of closed defects? |
|
Encouragement of defect reporting | ||
DFCT-4.1 | Does the community respond efficiently to defect reports? | Efficiency of response time related to resolving defects Efficiency of response related to source code inclusion into the new distribution |
DFCT-4.2 | Does the project offer specific recognition to users who report defects? | The project grant users voting privileges inside the community|Users reporting defects are singled out in mailing lists, forums, etc. |
Maintenance of non-functional properties
Purpose: Specify, develop and maintain non-functional requirements for the project (e.g. maintainability, stability)
Asset quality plan reflects non-functional requirements | ||
---|---|---|
MST-1.1 | Does the project ensure that design and code are maintainable and stable (e.g. through best practices)? |
|
MST-1.2 | Does the project assess the interoperability and compatibility of old and new versions of the product? | |
MST-1.3 | Does the project conduct stability tests on different software and hardware systems? |
|
Asset maintenance management | ||
MST-2.1 | Does the project enforce good maintainability of the software? |
|
MST-2.2 | Does the project maintain the most often used older versions of the product? | Number of old versions that are actively maintained > 0|Duration for which old versions of the product are maintained adapted to user requirements |
Configuration / Version Management|Purpose: Establish and maintain the integrity of the product and its releases
Release management efficiency | ||
---|---|---|
CM-1.1 | Does the project identify configuration items? | |
CM-1.2 | Does the project use a configuration / version management system (SVN, Git, etc.)? |
|
CM-1.3 | Does the project manage releases? | Availability of releases|Description of releases |
Tracking and control of changes | ||
CM-2.1 | Does the project track change requests? | |
CM-2.2 | Does the project control changes in configuration items? |
|
Integrity of asset releases | ||
CM-3.1 | Does the project manage configuration management records? |
|
Cloud Deployment
Purpose: assess cloud deployment readiness throuh quality requirements that have to be met in order to ensure that a project delivers deployable assets (binaries, images, templates) within a cloud marketplace such as AppHub.
CLD-1.1 | Does the project provide cloud templates or images that are ready for deployment? |
|
CLD-1.2 | Does the project provide deployable templates / images versions that are aligned with the project's releases? |
|
CLD-1.3 | Does the project define a procedure for managing the deployable templates / images (e.g. as part of the configuration / release management)? |
|
CLD-2.1 | Does the project provide evidence that the deployable assets function correctly? |
|
Project Planning
Purpose: Estimate and plan project activities
Estimates | ||
---|---|---|
PP-1.1 | Does the project define its scope? |
|
PP-1.2 | Does the project define its release plan? | |
PP-1.3 | Does the project estimate efforts? |
|
Project plan | ||
PP-2.1 | Does the project establish the schedule or milestone plan? |
|
Requirements Management|Purpose: Establish and maintain Requirements
Purpose: Establish and maintain Requirements
REQM-1 | Does the project have a way to define relevant requirements? |
|
REQM-2 | Does the project manage requirement changes? |
|
Roadmap
Purpose: Create and maintain product roadmap
RDMP-1 | Does the project define responsibility for the roadmap? | Define responsibility of developers involved in the definition and management of the roadmap |
RDMP-2 | Does the project efficiently manage its roadmap? |
|
RDMP-3 | Does the project define different types of releases? |
|
Stakeholders|Purpose: Plan and manage stakeholder involvement
Stakeholders management planning | |||
---|---|---|---|
STK-1.1 | Does the project identify its stakeholders (users, contributors, community)? | ||
STK-1.2 | Does the project share information with its stakeholders? | Ways to inform the stakeholders (website, mailing lists, newsletter, …) | Regular meetings of key stakeholders and dates for future meetings |
STK-1.3 | Does the project monitor the communication traffic inside the community? |
| |
Stakeholders involvement management | |||
STK-2.1 | Does the project encourage stakeholders to participate in the meetings where they are required? |
| |
STK-2.2 | Does the project measure regularly communication inside the community? |
| |
STK-2.3 | Does the project measure the response rate inside different communication channels? |
| |
Stakeholders involvement improvement | |||
STK-3.1 | Does the project measure the response level inside different communication channels and propose improvements? | ||
STK-3.2 | Does the project improve the management style inside the project? |
| |
STK-3.3 | Does the project improve the communication level inside the community? |
|