Start: 1pm; End: 1:32pm (U.S. Central Time)

• We have three events (Wiki will have most up-to-date information)
• Monday, September 11 • 11:00am - 11:40am “Open Development Analytics: A Step Forward in Project Transparency” http://sched.co/Bsb2
  • Joint talk for the CHAOSS Committees
  • Jesus and Matt coordinate speakers
  • Other speakers might have one slide to present their work in 2 minutes
• Monday, September 11 • 5:40pm - 6:20pm “BoF: Community Health Analytics for Open Source” http://sched.co/BCsP
  • Short 40 minute Bird of a Feather
  • Focus is on community building and probably less on refining metrics
  • Matt will share slides on mailing list
• Tuesday, September 12 • 2:00pm - 4:00pm “Breakout room to continue the work from the BoF” in room Diamond ballroom Salon 2 (~30 people)
  • Goal: Refine the “Growth - Maturity - Decline” metric
  • Currently not on schedule, but we will request to have it added
• Can we record any of the sessions - maybe live stream?
  • We will ask everyone at the beginning of the session and then use personal devices to record/stream the session for those who cannot be present

• How can we connect the work of the CHAOSS Metrics Committee with CII?
• Background information on CII Schedule: badging work took longer, so the census 2.0 is delayed
  • Census 2.0 asks: What is important and which projects are we interested in from a security perspective
  • CII Census is focusing on dependency analysis (beyond counting downloads)
• Important questions
  • “What project is important?” - within larger ecosystem (= planet earth)
    • There are different ecosystems between software languages
  • “Which projects are critical from a security standpoint?”
• Dependencies analysis data:
  • What ever data is available from package managers
  • Teaming up with libraries.io
    • GHdata will share insights into using libraries.io data on the mailing list
• Goal of CII: Quantified and justifiable answers
• Risk analysis?
  • Risk from a security perspective
  • More focus on unintentional risk
  • Avoid similar events to Heartbleed
  • CVE's are interesting but the quantitative number is not interesting in itself
  • Generating proper CPE's is a challenge - NIST wants to move away but the tooling is dependent on CPE right now

• We have three spaces for the CHAOSS Project
  1. Website - (not yet online)
  2. Wiki - https://wiki.linuxfoundation.org/chaoss
     • We will move the CHAOSS Metrics Committee wiki over to the new namespace
  3. GitHub Reposiory - https://github.com/chaoss
     • Reference implementations will have a repository here
     • The metrics will have a repository, especially for versioning of SQL queries and other specifications
     • We will move content from the wiki to GitHub to declutter the wiki
     • Our repository will likely be a collection of markdown files
• The founding of the CHAOSS Project will be announced in a blog post soon. Anyone who wants to be listed as a founding member should contact Kate or Ray to be included on the blog post

(alphabetical order)

• Alex Courouble - Université de Montréal
• Andy Leak - Independent software developer
• Brian Proffit - Red Hat
• David Wheeler - Core Infrastructure Initiative
• Georg Link - University of Nebraska at Omaha
• Kate Stewart - Linux Foundation
• Kevin Lumbard - University of Nebraska at Omaha
• Matt Germonprez - University of Nebraska at Omaha
• Ray Paik - Linux Foundation, OPNFV
• Sean Goggins - University of Missouri
• Tom Mens - University of Mons
• Zvi B. - Independent software developer