Discussing, designing and building the next step for the open integrity index collection of metrics which impact end-user security and privacy.
The Open Integrity Index aims to address a blind spot that has existed in the OSS community for decades. Its goal is to raise the quality of code and ensure good development practices are followed to raise the standard of application security and end user privacy.
It will provides a framework for the measurement of software project practices and develops automated measurement tools, qualitative reviewing workflows, open metric taxonomies and an open data repository. It will help the users of these metrics to create detailed scorecards that are backed by evidence and verified through a peer review process. It can become a source of ground truth for software users and support trainers, advocates, funders and policy makers in their efforts to improve end-user security and privacy. It will aggregate, synthesise and makes accessible information that covers different range of practices which impact user’s security and privacy, for instance by conveying the important aspects of security audits, usability reviews or terms of services.
In order to do so, it seeks to establish partnerships with reputable partners who are engaged in measurement efforts and agree to pool their efforts to develop open tools and produce open data.
Measurement Partners will contribute to and adopt a common metrics metadata format to help aggregate metrics according to a common taxonomy. Measurement partners will be chosen according to the following criteria:
- Use of free software or open source collector agents.
- Hosting and management of their own collection infrastructure.
- Publication of data with an open data licence.
Open Integrity Index will work together with Measurement Partners who are interested in extending their collector software capabilities and/or their collection infrastructure and aim to provide financial support for such projects. In particular Open Integrity Index will aim to support the development of metrics which cover the following range of concerns:
- Project level metrics (a la black duck Open Hub)
- Package and Libraries metrics (specifically around dependencies)
- Infrastructure metrics
- Documentation metrics
- Usability metrics
- User review metrics
- Legal metrics
- Human Rights policies and practices metrics
- Security audit metrics
- Net Neutrality
The Open Integrity Initiative does not mean to replace but instead coordinate or articulate existing efforts and facilitate the circulation of data and the development of analyses that can be used for informing the public and other key stakeholders.
This is a list of organisations and projects which we have identified and consider as essential part of the ecosystem and that we will reach out to (or have already contacted).
- Libraries.io
- Core Infrastructure Initiative Census
- EFF Secure Messaging Scorecard
- Guardian Project Privacy Badges
- Open Hub
- GHTorrent
- TOSDR, TOSBack
- Ranking Digital Rights
- Measurement Lab
- OONI
- Tactical Tech
- Second Muse
- iSec Partners
- Cure53
- Shadow Servers
- ...