From Urban Resilience to Open Source Software Resilience

Open Source Software (OSS) projects are widely used and contribute to various domains of the digital world. However, as they evolve, OSS projects also face a lot of challenges, such as technical (i.e. accumulation of technical debt), community (i.e. community members move to another OSS project), business (i.e. finding the right business models that lead to sustainability) or legal (i.e. choosing the right licensing scheme). These challenges, among others, can impact the resilience of an OSS project.

Urban resilience and the City Resilience Framework

The City Resilience Framework [1], developed by Arup and the Rockefeller Foundation, is a comprehensive approach to building resilience in cities around the world. This framework provides a holistic understanding of resilience by considering a city's social, economic, and physical systems, and their interdependencies. It aims to guide city leaders, urban planners, and policymakers in developing strategies to enhance resilience and effectively respond to shocks and stresses.

At its core, the City Resilience Framework recognizes that cities are dynamic and complex systems, constantly evolving and facing a wide range of challenges. These challenges can include natural disasters, climate change, population growth, economic inequality, and social unrest. To address these challenges, the framework emphasizes the need for cities to be adaptable, resourceful, and capable of bouncing back from adversity.

The framework consists of four dimensions, each comprising a set of specific qualities that contribute to a city's resilience. These dimensions are:

1. Health and Wellbeing: This dimension focuses on the physical and mental well-being of city residents. It includes factors such as access to healthcare, clean air and water, social cohesion, and community engagement. A resilient city ensures the health and safety of its population, especially during crises.
2. Economy and Society: This dimension emphasizes the importance of a diverse and inclusive economy that can withstand shocks and provide livelihood opportunities for all residents. It addresses issues such as economic inequality, social cohesion, infrastructure development, and the provision of basic services.
3. Infrastructure and Environment: This dimension recognizes the critical role of infrastructure and the environment in enhancing resilience. It encompasses the built environment, transportation systems, energy networks, and natural resources. Resilient cities invest in robust infrastructure, sustainable development practices, and the preservation of ecological resources.
4. Leadership and Strategy: This dimension focuses on governance, planning, and decision-making processes within a city. Resilient cities have strong leadership and effective institutions that can anticipate, respond to, and recover from shocks and stresses. They prioritize long-term strategies, collaboration between stakeholders, and the integration of resilience considerations into policies and plans.

The City Resilience Framework also highlights the importance of cross-cutting issues, such as innovation, risk reduction, and learning from experiences. It encourages cities to foster innovation and leverage technology to enhance resilience. It also emphasizes the need for proactive risk reduction measures, such as early warning systems, disaster preparedness plans, and resilient infrastructure design.

Furthermore, the framework recognizes that cities are interconnected and interdependent. It emphasizes the importance of regional and international collaboration in sharing knowledge, resources, and best practices. By learning from each other, cities can build stronger networks and collectively address global challenges.

From Urban Resilience to Open Source Software Resilience

We argue that Open Source Software projects share a conceptual similarity with cities. They are dynamic and continuously evolving systems with their own structural properties, they attract people that form communities around them which, on a second level, may utilize a governance model. Some OSS projects have commercial activity. As it happens with cities, OSS projects can face stressors and crises (i.e. developers abandoning the project to work on a fork or users massively migrate to a competitive project).

For that reason, we attempted an adaptation of the City Resilience Framework in [2]. In it, we define the four key dimensions for Open Source Software as follows:

1. Source Code: The first dimension of CRF is Health & Well-being and it is related with people. In Open Source Software we consider source code (i.e. classes) to be the structural unit of the project. In this dimension we will take under consideration aspects like the activity and growth rate of an OSS project along with some other related aspects.
2. Business & Legal: The second dimension of CRF is Economy & Society and is related with organization. In Open Source Software the norm is voluntary work but, more mature projects are utilizing Open Source Business Models to offer commercial services (be it pro features or support). For those types of projects licensing plays a key role when it comes to commercialization.
3. Integration & Reuse: The third dimension of CRF is related to place. Open Source Software projects usually reuse components of other OSS projects or are being reused themselves. In this spirit, in the third dimension of the Open Source Software Resilience Framework we will be dealing with the aspects of integration and reuse.
4. Social (Community): Finally the last dimension of CRF is about Leadership & Strategy and is related with utilizing knowledge from the past to become better and more resilient in the future. In Open Source Software both leadership and strategy related processes are usually connected with the community. Moreover most of the knowledge related to an Open Source Software usually comes from its community activity (i.e. feature proposal, bug reports, translations, documentation, testing and so forth).

A tool to investigate Open Source Software Resilience

To investigate the resilience of OSS projects, we created a tool, called Source-o-grapher [3] that analyzes the source code and metadata of OSS projects and provides various metrics and visualizations to assess their resilience. Source-o-grapher can help developers, researchers, and users to understand the characteristics and evolution of OSS projects, identify potential risks and vulnerabilities, and suggest possible improvements.

Our Source-o-grapher consists of four main components:

1. a crawler that collects data from GitHub repositories
2. a parser that extracts information from the source code and metadata, such as dependencies, contributors, commits, issues, and pull requests
3. an analyzer that computes various metrics, such as modularity, cohesion, coupling, complexity, test coverage, bug density, and community health
4. a visualizer that displays the results in various graphical ways

In the following flowchart, you can see an abstract representation of the architecture of the tool. On the left side of the figure, we can see the input process. There are two ways for the user to provide input to the tool:

1. Via a coma separated values (.CSV) formatted file. In this case the file contains a list of all the indicators that the tool uses (see Fig. 3), and the user inputs the data to the file manually (this method does not utilize the automatic extraction of data from Github or PhpMetrics). This method is programming language agnostic. An example of this input is provided in Fig. 2. If the user utilizes this manual input process all they have to do is provide the values under the score column following the guidelines of the Open Source Software Resilience Framework.4 The “Indicator Name” and the “Indicator ID” columns are used from the Source-o-grapher tool in order to assess the resilience of the OSS project when the manual input mode is used.
2. In cases where the OSS PHP project to be analyzed is hosted in Github, the tool provides a GUI for automatic analysis. Source-o-grapher is integrated with Github to automatically collect some of the indicators directly from the repository. It then processes another set of indicators using the PhpMetrics analyzer. The remaining indicators are being requested from the user via the GUI. Please note that the indicators requested from the user are qualitative indicators and therefore, since they represent expert opinion, cannot be automatically calculated.

The tool will then output the metrics of the resilience framework and visualize in two graphs the results on dimensions and goals levels. Following, you can find the results of the resilience analysis as it happened for Composer’s v1.4.0.

So, why investigate the resilience of an OSS project?

The investigation of software resilience in OSS projects can be a key tool to software engineers that need to integrate OSS components to their solutions, IT managers that need to choose open source solutions for their organizations and policymakers that are interested in the longevity of the OSS solutions that their institutions utilize or want to adopt in the near future.

Source-o-grapher allows the aforementioned stakeholders to perform an analysis on either different OSS tools that are potential alternatives for a specific need or to track the resilience of an OSS project as it evolves, over time, through its versions.

Another possible use for the software resilience analysis that Source-o-grapher offers could be to investigate the effect that a specific commit or the work of a specific developer or team of developers had on the project towards its resilience. As our tool allows the user to assess an OSS project using the URL of a specific version (i.e. Github tag) we are able to compare the resilience level of the project from one release to another. This could be utilized by organizations, project managers, engineering team leads and developers to assess specific contributions to the project.

Moreover, the option of the manual assessment of the tool allows the users of Source-o-grapher to assess OSS projects that are not hosted on Github Repositories and are not implemented in PHP programming language. In this case, the user will have to use their own tools to provide the values of the required indicators (i.e. a static code analysis tools like SonarQube, CppCheck and so forth).

Can I use Source-o-grapher myself?

Absolutely! Both the source code of the tool [4] and the scientific publication [3] are published under open licenses (the source code under the MIT License and the scientific publication under the Open Access Creative Commons Atribution International 4.0 license). 

You are free to try our tool for free. We are also welcoming any contributions or feedback you might have for us. You can post your feedback in the issues section of the Github repository of the tool [4].

References

[1] City Resilience Framework - The Rockefeller Foundation, [online]

[2] Kritikos, A., Stamelos, I. (2018). Open Source Software Resilience Framework. Open Source Systems: Enterprise Software and Solutions. OSS 2018. IFIP Advances in Information and Communication Technology, vol 525. Springer, Cham. https://doi.org/10.1007/978-3-319-92375-8_4

[3] Kritikos, A., Polychroniadis, P., Stamelos, I. (2023). Source-o-grapher: A tool towards the investigation of software resilience in Open Source Software projects. Software X Journal, https://doi.org/10.1016/j.softx.2023.101337

[4] Source-o-grapher source code. Github repository [online]

Image credit: Hans Isaacson on Unsplash

Disclaimer: Images and selective information of this post are reused from the Open Access publication “Source-o-grapher: A tool towards the investigation of software resilience in Open Source Software projects” as it appeared in Software X Journal. Apostolos Kritikos, the author of this post, was a co-author to the aforementioned scientific manuscript.