If you've been following the Open Integrity Index, you will have noticed that after our initial efforts in 2013, the project has been on hold. During this first phase, we developed the foundations for our criteria and set up a beta platform. We are now moving forward with new funders to develop the next step of the project.
In this first phase we set the tone of the initiative and the values that we adhere to:
- We care about the impact of technology on all users and particularly those who depend on it to enjoy their fundamental rights.
- We take a holistic approach to understanding the impact of technology, which includes the technical features tools make available, but also their usability and the governance and policies of the tool makers.
- We believe that security by transparency is the way to go, yet we know that there are also best practices to follow with closed source software that make a difference for users.
The Open Integrity Initiative has assembled a list of a hundred possible metrics related to various aspects of software development, including governance, systems, architecture, build and user experience. In this new phase we will shift our focus towards the gathering of measurements and claims and the development of a knowledge framework about the adoption of best practices that support the security and privacy of software.
Data about the adoption of security and privacy best practices are often difficult to find and rarely easy for users to understand. How can the adoption of these practices be measured, and what is the most useful structure for such a broad range of measurements? How can we reliably and consistently answer questions such as:
- Which tools are open-source?
- Which tools provide end-to-end encryption, implement forward secrecy or support two-factor authentication?
- Which have security features that are usable without prior expertise or training?
- Which can be downloaded securely and verified to be authentic?
This is what we're setting out to answer. In the next 6 months we'll focus on developing partnerships in order to define metrics and collect data that will be available to an audience of professionals (software engineers, trainers, advocacy organizations) and will help provide answers about the adoption of best practices.