Software Quality Assurance and Trustworthiness

Software Quality Assurance and Trustworthiness

We are dedicated to improve the perceived quality of the code which is downloaded from OW2. Having good quality code and a good reputation for code is essential for the success and the growth of OW2. It is also essential for the growth of the downloads and the dissemination of the OW2 code.

SQuAT And Its Evolution

Throughout 2016, SQuAT will evolve into a brand new quality program thanks to the addition of new analysis capabilities provided to us through the RISCOSS EC-funded program. RISCOSS was initiated to address issues raised by communication equipment manufacturers looking to integrate open source code into their products. The objective of RISCOSS is to assist conventional companies in overcoming the fear of adopting open source software. With RISCOSS we will provide additional information on OW2 projects thus increasing the confidence they can have in the code base. 

SQuAT Today

The efforts will primarily target the mature projects. Our perpective is that the "SQuAT" (Software Quality Assurance and Trustworthiness) has 2 sides:

  1. concentrate on the quality of the code itself 
  2. concentrate on the IP of the code

To do that, we will endeavour to integrate tools to help projects produce reports on the quality of the code, and on the quality of the IP. We will incorporate in our governance process the fact that, for a project to be moved from incubation to mature, we will require the project to produce the report on the quality of the code and on the IP compliance. Here is how we actually do SQuAT.

Code Quality

Code quality will be assessed using the following tools: 

We are also evaluating the methods, processes and tools provided by Trustie: OW2 will become a user of the Trustie processes to enhance the quality of our software. A first installation of the Trustie Software Resource Repository on the OW2 infrastructure was done in November 2012 with the help of Peking University.

IP attached to the code

IP verification tools to be used (use of these tools by OW2 has been already agreed by tools providers) include:

We require mature projects to publish all SQuAT reports, and leave the final user the final decision (OW2 is not a certification office). 

Acknowledgements

This programme benefits from help from Qualipso, FOSSology at HP (and originally OSUOSL), Antelink and Peking University, without which it would not have been possible. SQuAT next generation will draw significantly from the RISCOSS EU-funded program.