This section of the Body of Knowledge describes common measurements you might make within an organisation to judge the health of individual projects, or the organisation's open source maturity as a whole.
For an organisation engaged in open source (or inner source), consider measuring the strength of contribution, security posture and legal compliance.
It is important to make sure that your organisation's staff are able to both efficiently and compliantly contribute code to open source repositories.
Project Level Metrics
For a given open source project, here are some ways of measuring the health of the project, which in turn informs its Dependency Risk.
OSPO Support Function
If you are running an OSPO, does it have a support function? If so, can you measure the amount of interaction with the OSPO and how it changes over time as a proxy for value?
Code duplication occurs when internal staff are forced to create copies of external (or other internal) code and modify it to suit their own purposes, thereby increasing the maintenance overhead.