April 05, 2023
A Mizzou Engineer is helping develop a new badging system that will give those in the open source software community an easy way to gauge a project’s diversity, equity and inclusivity.
Open source software (OSS) is software that allows anyone to view, modify and distribute source code. It powers operating systems, smart phones and mobile apps and is gaining in popularity as it helps organizations move innovations forward faster and more efficiently. Over the past several years, however, studies have shown that the community of those contributing to OSS projects don’t reflect the population at large.
To reverse that trend, the CHAOSS Badging Initiative will assign badges to individual projects showing potential users and contributors how diverse and inclusive they are, said Sean Goggins, professor of electrical engineering and computer science and co-founder of the Community Health Analytics Open Source Software (CHAOSS) project under the Linux Foundation.
Under the system, projects deemed most inclusive and friendly to all demographics will be assigned a platinum badge. Bronze, silver and gold badges will indicate that project leaders are committed to becoming more inclusive.
The new badging system will provide constructive, written feedback, mapped from the output of machine learning algorithms to help communities flag and address areas where the OSS community can improve, grow and thrive.
“The badging program involves scanning files in each project and providing a report,” Goggins said. “The report will look at inclusive language, responsiveness, contributor retention — all of the things we learn from the data we gather. It will help the community recognize what steps they can take to be more inclusive in their project approaches.”
The machine will be trained using information from 25 repositories known for building diverse and inclusive communities. Goggins stressed that humans will review the process to prevent bias from entering the training data. By mapping the probabilities generated by machine learning, which are similar to the probabilities in weather reports, to specific, actionable advice, Goggins team follows a philosophy of providing useful information without risking harm.
“Nobody wants a report saying their language is 10% as inclusive as other open source projects. Its more useful to provide examples of how to change phrasing in particular cases. It’s also nicer”, Goggins said.
Over the past year, Goggins has also been working with the “All In” project and its leader, Demetris Cheatem, to further gauge behaviors within different open source communities. He recently received funding from the Linux Foundation to continue survey work.
OSS Security
Since CHAOSS began in 2017, Goggins has also ensured open source projects are secure by implementing standard definitions and metrics for the OSS community.
He and co-founder Matt Germonprez, a professor from the University of Nebraska at Omaha, developed Augur, software that helps programmers and users assess and analyze the security of projects.
The importance of those metrics was amplified in September when the White House Office of Science and Technology Policy issued a memo calling for security within the software supply chain. While anyone can contribute to OSS coding, Goggins stressed that open source has become more important than ever in keeping software safe.
“Every piece of code that makes it into a distribution is reviewed by at least two people who are deeply familiar with all of the details of that project,” he said. “They review every proposed change. That prevents people from injecting malicious code that would undermine a given system.”
Augur also provides users with a software bill of materials that shows everything in the code, including dependencies and licenses on each piece of code.
“These are two important projects CHAOSS is working on — security within the software supply chain and equity,” Goggins said. “We want to help OSS stay secure and become more inclusive and diverse.”
Study computer science alongside experts in the field. Apply to Mizzou Engineering today!