compliance and risk metrics extending chaoss
play

Compliance and Risk Metrics: Extending CHAOSS Sean Goggins, Matt - PowerPoint PPT Presentation

Jan 20, 2023 •171 likes •326 views

Compliance and Risk Metrics: Extending CHAOSS Sean Goggins, Matt Germonprez & Kate Stewart Working in an Open Community... CHAOSS Mission Establish implementation-agnostic metrics for measuring community activity, contributions, and

  1. Compliance and Risk Metrics: Extending CHAOSS Sean Goggins, Matt Germonprez & Kate Stewart

  2. Working in an Open Community...

  3. CHAOSS Mission Establish implementation-agnostic metrics for measuring community activity, contributions, and health. Produce integrated, open source software for analyzing software development in terms of these metrics.

  4. Metrics Committee Diversity-Inclusion Growth-Maturity-Decline Risk Value wiki.linuxfoundation.org/chaoss/metrics

  5. Diversity and Inclusion are known to challenge unchecked assumptions and lead to more open and fair collaboration practices. An OSS community has states: Growth, Maturity, and Decline . The state that a community is in may prove important when evaluating both across and within community concerns. The Risk metric informs how much risk an OSS community might pose. The evaluation of risk depends on situation and purpose. Developers and organizations capture Value from engaging in OSS communities. This set of metrics can inform what this value is.

  6. Cases: Procurement Supply Chain Metrics Stakeholders 1. Developer Metrics 2. Contract Lawyer Metrics a. Licensing b. Software Bill of Materials 3. Consumers of software products, Especially Safety Critical opensource.com a. Badging to show that some kind of enterprise best practices are followed. b. Accountability at the other end of the supply chain c. Software bill of materials

  7. CHAOSS Mission Risk: 1. Likelihood of loss 2. Impact of loss Impact of Loss Likelihood of Loss

  8. Software Considerations in a Trustworthy Device Trustworthy Device –a medical device containing hardware, software, and/or programmable logic that: (1) is reasonably secure from cyber security intrusion and misuse; (2) provides a reasonable level of availability, reliability, and correct operation; (3) is reasonably suited toperforming its intended functions; and (4) adheres to generally accepted security procedures . What is Reasonably secure? fossbytes.com

  9. Risk Questions: Risks to using software 1. What is the quality of your code? 2. Are you allowed to use it? 3. When you use it is it safe? 4. Can you be subverted in the future?

  10. Projects 1. SPDX, FOSSology, DOSoCS 2. Zephyr: Safety and Security 3. ELISA: Enabling linux in safety critical applications 4. CII: Security best practices a. Extend or expand into quality and licensing? b. Ecosystem needs to support more than security c. Quality

  11. Five Domains of Risk 1. Accurate Identification 2. Code Quality 3. Cybersecurity 4. Safety critical use 5. Licensing xkcd

  12. Risk Metrics: Next Steps 1. Who is interested in working in these domains? 2. Which domains? 3. What are some metrics you would like to see in the domains that are interesting and important to you? 4. Are there areas of risk that are important to consider that are not listed here?

  13. Online Live Survey Added later.

  14. Thank You

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Role of Board, CEO & Senior Management CAFRAL Conference of Heads of Compliance April 15,

Role of Board, CEO & Senior Management CAFRAL Conference of Heads of Compliance April 15,

Managing Compliance Risk Role of Board, CEO & Senior Management CAFRAL Conference of Heads of Compliance April 15, 2013 1 Compliance Risk Basel Committee defines Compliance Risk as the risk of legal or regulatory sanctions,

632 views • 13 slides
Compliance & Risk management C.L. Baradhwaj, Sr. Vice President (Compliance) & Chief Risk

Compliance & Risk management C.L. Baradhwaj, Sr. Vice President (Compliance) & Chief Risk

Compliance & Risk management C.L. Baradhwaj, Sr. Vice President (Compliance) & Chief Risk Officer, Bharti AXA Life Insurance Company Limited Stakeholder Protection IRDA-ICSI Seminar on Convergence of Company Law and Insurance Law 26

437 views • 16 slides
Metrics That Matter Security Risk Analytics Katy Loughney , Director of Risk Analytics, West -

Metrics That Matter Security Risk Analytics Katy Loughney , Director of Risk Analytics, West -

| Smart Metrics, Intelligent Decisions Metrics That Matter Security Risk Analytics Katy Loughney , Director of Risk Analytics, West - Brinqa March 14 th , 2014 What Matters to CIOs?

376 views • 23 slides
The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why

The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why

The NAI Mobile Application Code: Extending Third-Party Compliance into the Mobile Ecosystem Why a Mobile Application Code? Extend the NAI compliance program into the mobile application space Provide extra flexibility for this rapidly

319 views • 18 slides
Ecommerce: Risk & Compliance of Doing Risk & Compliance of Doing Business Online Tg

Ecommerce: Risk & Compliance of Doing Risk & Compliance of Doing Business Online Tg

16/11/2012 Ecommerce: Risk & Compliance of Doing Risk & Compliance of Doing Business Online Tg Farith Rithauddeen Skali Group About SKALI E-commerce Growth Risks of Doing Business Online Risks of Doing Business

459 views • 17 slides
Risk Management, Compliance and CRA October 25, 2018 Hosted By: Michael Gallagher Chief Risk

Risk Management, Compliance and CRA October 25, 2018 Hosted By: Michael Gallagher Chief Risk

Risk Management, Compliance and CRA October 25, 2018 Hosted By: Michael Gallagher Chief Risk Officer, EVP 1 Todays Agenda Risk Management Risk governance Enterprise Risk Management Community Reinvestment Act Operational Risk

366 views • 23 slides
Introduction to Risk Management (Theory & Practice) DCU Risk & Compliance Officer

Introduction to Risk Management (Theory & Practice) DCU Risk & Compliance Officer

Risk Management Introduction to Risk Management (Theory & Practice) DCU Risk & Compliance Officer November 2015 Risk Management Sections 1) Aims of presentation 7) Tips for success 2) What is Risk Management (RM)? 8) Why RM may

533 views • 32 slides
Shelter Task Force Presentation Budget and Metrics Fort Worth Code Compliance Fort Worth Code

Shelter Task Force Presentation Budget and Metrics Fort Worth Code Compliance Fort Worth Code

Shelter Task Force Presentation Budget and Metrics Fort Worth Code Compliance Fort Worth Code Compliance Brandon Scott Bennett, Director January 6, 2016 Overview Response to Previous Meeting Fort Worth Code Compliance Organization and

1.37k views • 99 slides
Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan

Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan

Risk management plan (RMP) compliance monitoring Belinda Ahlers Evaluator, Risk Management Plan Evaluation Section, Pharmacovigilance and Special Access Branch Why does RMP compliance matter? RMPs aim to ensure that the benefits of a

732 views • 22 slides
Risk and Compliance Risk and Compliance Mark Hofman SANS Institute/Shearwater Solutions 06

Risk and Compliance Risk and Compliance Mark Hofman SANS Institute/Shearwater Solutions 06

Ministry of Science, People First, Performance Now Technology and Innovation Risk and Compliance Risk and Compliance Mark Hofman SANS Institute/Shearwater Solutions 06 November 2012 Ministry of Science, People First, Performance Now

245 views • 21 slides
Compliance Plans Kelly S. McIntosh July 20, 2017 Roadmap The importance of compliance and

Compliance Plans Kelly S. McIntosh July 20, 2017 Roadmap The importance of compliance and

Compliance Plans Kelly S. McIntosh July 20, 2017 Roadmap The importance of compliance and compliance programs Common compliance issues know your risk areas! Guidance for drafting or updating your compliance plan Elements of

1.16k views • 50 slides
What we learned from Community Metrics Agenda Why are metrics used? How metrics are used

What we learned from Community Metrics Agenda Why are metrics used? How metrics are used

What we learned from Community Metrics Agenda Why are metrics used? How metrics are used in two Open Source communities Common pitfalls and ways to avoid them Why use Metrics? Transparency Who is contributing to the

166 views • 14 slides
COMPLIANCE Jon Bonham CISA, QSA Director, Enterprise Risk and Compliance AGENDA About The

COMPLIANCE Jon Bonham CISA, QSA Director, Enterprise Risk and Compliance AGENDA About The

E-COMMERCE AND PCI COMPLIANCE Jon Bonham CISA, QSA Director, Enterprise Risk and Compliance AGENDA About The Speaker About Coalfire E-Commerce The Good - the benefits The Bad - what could go wrong The Ugly- how to truly

484 views • 25 slides
Calibrated Risk Adjusted Modeling (CRAM): A Bridge Design for Extending the Applicability of

Calibrated Risk Adjusted Modeling (CRAM): A Bridge Design for Extending the Applicability of

Calibrated Risk Adjusted Modeling (CRAM): A Bridge Design for Extending the Applicability of Randomized Controlled T rials Ravi Varadhan Division of Biostatistics & Bioinformatics Department of Oncology Sidney Kimmel Comprehensive Cancer

375 views • 20 slides
Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns

Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns

Outline Extending ns Extending ns In OTcl In C++ Debugging Padma Haldar USC/ISI 1 2 ns Directory Structure Extending ns in OTcl ns-allinone If you dont want to compile source your changes in your sim Tcl8.3 TK8.3

303 views • 9 slides
NYSARC/CP Compliance Seminar: Risk Assessments May 2, 2016 Robert Hussar and Melissa Zambri

NYSARC/CP Compliance Seminar: Risk Assessments May 2, 2016 Robert Hussar and Melissa Zambri

NYSARC/CP Compliance Seminar: Risk Assessments May 2, 2016 Robert Hussar and Melissa Zambri rhussar@barclaydamon.com mzambri@barclaydamon.com Agenda Introductions Compliance Risk Assessment Process OMIG Effectiveness Review

398 views • 35 slides
Acquisition of AS Starman 13 December 2016 Elisa acquires cable TV operator, Starman Estonia

Acquisition of AS Starman 13 December 2016 Elisa acquires cable TV operator, Starman Estonia

Acquisition of AS Starman 13 December 2016 Elisa acquires cable TV operator, Starman Estonia The Estonian pay TV market leader Acquisition of a strong, well- performing business High profitability (2015 EBITDA-margin 49%) and growth

445 views • 7 slides
ORIGINAL ARTICLE A Study on Clinical Presentation of Primary Lung Cancer Md. Amzad Hossain 1 ,

ORIGINAL ARTICLE A Study on Clinical Presentation of Primary Lung Cancer Md. Amzad Hossain 1 ,

Chest & Heart Journal Vol. 40, No. 1, January 2016 ORIGINAL ARTICLE A Study on Clinical Presentation of Primary Lung Cancer Md. Amzad Hossain 1 , Md. Khairul Anam 2 , Kh. Hafizur Rahman 3 , Tridip Kanti Barmon 4 , Md. Abu Hanif 5 , Md

178 views • 5 slides
B. Panel Presentation 1. Local Governance Reforms that Have Been Achieved Critical Reforms to Be

B. Panel Presentation 1. Local Governance Reforms that Have Been Achieved Critical Reforms to Be

B. Panel Presentation 1. Local Governance Reforms that Have Been Achieved Critical Reforms to Be Achieved Ensuring Sustainability DILG Programs being implemented: Seal of Good Ensuring results of CSO participation

160 views • 15 slides
31 Oct 2012 National Vector-Borne Disease Control Programme (NVBDCP) NVBDCP Malaria

31 Oct 2012 National Vector-Borne Disease Control Programme (NVBDCP) NVBDCP Malaria

State MD NRHM Meeting on 31 Oct 2012 National Vector-Borne Disease Control Programme (NVBDCP) NVBDCP Malaria Dengue Chikungunya JE/AES Kala-azar Lymphatic Filariasis Morbidity & Mortality of VBDs Dis

531 views • 38 slides
` Board of Directors Meeting June 14, 2018 Findings of Teen Hunger Study Presentation Item V.B.

` Board of Directors Meeting June 14, 2018 Findings of Teen Hunger Study Presentation Item V.B.

` Board of Directors Meeting June 14, 2018 Findings of Teen Hunger Study Presentation Item V.B. Recommended Action: Information Only Strategic Plan Alignment: Strengthening Community In September 2017, JWB entered into a contract with

396 views • 18 slides
Exploring Digital Democracy with ECAS Presentation by Elisa Lironi ENCC Travelling Academy -

Exploring Digital Democracy with ECAS Presentation by Elisa Lironi ENCC Travelling Academy -

Civic Participation in the Age of Digitalization: Exploring Digital Democracy with ECAS Presentation by Elisa Lironi ENCC Travelling Academy - Krakow, 15 October 2015 19/10/2015 Exploring Digital Democracy with ECAS 1 What is ECAS? WHO?

427 views • 13 slides
NATURAL, INTERACTIVE TRAINING OF SERVICE ROBOTS TO DETECT NOVEL OBJECTS Elisa Maiettini and Dr.

NATURAL, INTERACTIVE TRAINING OF SERVICE ROBOTS TO DETECT NOVEL OBJECTS Elisa Maiettini and Dr.

MUNICH 10-12 OCT 2017 NATURAL, INTERACTIVE TRAINING OF SERVICE ROBOTS TO DETECT NOVEL OBJECTS Elisa Maiettini and Dr. Giulia Pasquale Joint work with: Prof. Lorenzo Natale, Prof. Lorenzo Rosasco iCub R1 What do we need? Target scenario

520 views • 17 slides
ABC Group Presentation Introduction Since 1982, ABC Maritime, a Swiss based family owned group of

ABC Group Presentation Introduction Since 1982, ABC Maritime, a Swiss based family owned group of

ABC Group Presentation Introduction Since 1982, ABC Maritime, a Swiss based family owned group of companies, offers complete solutions to the worlds maritime communities of ship owners, trading houses, oil companies, financial institutions

87 views • 8 slides

More recommend