SQuAT (Software Quality Assurance and Trustworthiness) Session

Schedule: Wednesday Nov 23, 01:00 - 04:00pm.
Room: Cournot
Session Chair: Cedric Thomas, OW2
Description: SQuAT is OW2 quality program, an initiative launched in 2011 with the aim to improve code quality by enforcing tests on OW2 mature projects. The session will cover the SQuAT methodologies and tools through the experience of OW2 projects. The session will discuss the status and outlook of the SQuAT program.


1. Helping development teams to manage FOSS during the whole development process.

Schedule: 01:00 - 01:30
Speaker: Freddy Munoz, Antelink
Abstract: Today, most software development teams use free and open source software (FOSS) components, because it increases the speed and the quality of the development. Many open source components are the de facto standard of their category. However, FOSS has licensing restrictions, and corporate organizations usually maintain a list of allowed and forbidden licenses. But how do you enforce this policy? How can you make sure that ALL files in your source repository, either belong to you, or fit your licensing policy?
A first, preventive approach is to train and increase the awareness of the development team to these licensing issues. Depending on the size of the team, it may be costly but necessary.
However, this does not ensure that a single individual will not add a forbidden icon or library, and jeopardize the legal status of the whole release — or the company, since software is becoming more and more a critical asset. Another approach is to verify what is included in the source repository, and check whether it belongs to the open-source world.
This can be done on-the-fly, whenever a new file is added into the source repository. It can also be part of the release process, as a verification step before publishing the release. In both cases, there are some tools to automate the detection process.
This talk explores the various options regarding FOSS detection, how this process can be integrated in the "software factory", and how the results can be displayed in a usable and efficient way.

2. The Introduction of Management of Trustworthiness Software Resource

Schedule: 01:30 - 02:00
Speaker: Junfeng ZHAO, Pekin University
Abstract: To manage trustworthiness software resource is important for trust software development. We will introduce a method to evaluate the trustworthiness of software resource, such as Java API and Web service. Then, we will give an instance that has been realized in the software resource library, named as TSR (Trustie Software Resource Repository). TSR can be used as a component managing tool which provides mechanism to describe, collect, evaluate, classify and manage software resources’ trustworthiness, to support trust software development. The TSR has been published on OW2 on July, 2010. 

3. Open source compliance toolset and FOSSology

Schedule: 02:00 - 02:30
Speaker: Bruno Cornec, HP and Alexandre Lefebvre, OW2
Abstract: FOSSology (http://fossology.org ) is an open source compliance toolset that provides software license and copyright discovery. Every file submitted to the FOSSology system is saved in a file repository, scanned, and results are stored in a database.  
A web user interface displays results while the database and file repository remain for future scans and data mining.
The presentation will cover the major features of the tool, the latest news of the 1.4.1 version, feedback from OW2 FOSSology usage, as well as the roadmap for the coming 2.0 version.

4. SONAR, Qualipso OMM, OW2 project reports

Schedule: 02:30 - 03:00
Speaker: Alexandre Lefebvre
Abstract: As part of the OW2 SQuAT programme, all OW2 Mature projects will have to publish a SONAR analysis report of their source code, and to perform a quality assessment using Qualipso OMM (OpenSource Maturity Model). For this, we have developed an OW2 SONAR profile. We will discuss the OW2 SONAR profile, and the first results of applying this OW2 SONAR profile on pilot OW2 projects. We will also review the EasyBeans pilot for Qualipso OMM, review the methodology for performing Qualipso OMM evaluations, and discuss the associated scoring.

5. Developing community management metrics and tools for OW2

Schedule: 03:30 - 04:00
Speaker: Minghui Zhou, Pekin University
Abstract: Processes that limit the size or potential of our community limit our products. Conversely, making it easier for people to cooperate, collaborate, experiment and play enhances the community's capacity.
We set out to improve contributor's productivity and product quality, and to improve the general understanding of issue-tracking practices. We develop community management metrics to measure contributors, projects, and their interaction, such as technical climate, project relative sociality,and their influences for newcomers. We introduce a visualization tool to reverse-engineer and improve issue-tracking practices. Using GNOME project data we demonstrate how our tool can be used to discover the evolution of issue tracking practices.