Finding Critical Open Source Projects
Criticality of an open source project is difficult to define; what might be a critical dependency for one consumer of open source software may be entirely absent for another. However, arriving at a shared understanding and framework allows us to have productive conversations about our dependencies. Simply put, we define criticality to be the influence and importance of a project.
In order for OpenSSF to fund these critical open source projects, they need to be identified first. For this purpose, we are releasing a new project – “Criticality Score” under the OpenSSF. Criticality score indicates a project’s criticality (a number between 0 and 1) and is derived from various project usage metrics in a fully automated way. Our initial evaluation metrics include a project’s age, number of individual contributors and organizations involved, user involvement (in terms of new issue requests and updates), and a rough estimate of its dependencies using commit mentions. We also provide a way to add your own metric(s). For example, you can add internal project usage data to re-adjust a project’s criticality score for individualized prioritization needs.
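To make the scoring idea above concrete, here is an added example (not code from the Criticality Score project) that combines usage metrics into a number between 0 and 1 and then re-adjusts it with an internal usage metric. It assumes a weighted, log-scaled aggregation; the signal names, weights, thresholds and sample values are all constructed for illustration.

```python
import math

# signal name -> (weight, saturation threshold). Constructed values, not the
# project's defaults: a metric at or above its threshold contributes fully.
BASE_SIGNALS = {
    "age_months": (1.0, 120),
    "contributor_count": (2.0, 5000),
    "org_count": (1.0, 10),
    "updated_issues_count": (0.5, 5000),
    "commit_mentions": (2.0, 500000),
}

# Constructed sample metrics for a hypothetical project.
SAMPLE_PROJECT = {
    "age_months": 96,
    "contributor_count": 340,
    "org_count": 6,
    "updated_issues_count": 1200,
    "commit_mentions": 800,
}


def criticality(metrics, signals):
    """Weighted mean of log-scaled metrics; the result lies in [0, 1]."""
    total_weight = 0.0
    score = 0.0
    for name, (weight, threshold) in signals.items():
        if weight <= 0 or threshold <= 0:
            raise ValueError(f"{name}: weight and threshold must be positive")
        # A missing or negative metric counts as 0 (no evidence of usage).
        value = max(0.0, float(metrics.get(name, 0)))
        # Log scaling damps huge counts; max() caps the ratio at 1.
        score += weight * math.log(1 + value) / math.log(1 + max(value, threshold))
        total_weight += weight
    if total_weight == 0:
        raise ValueError("no signals configured")
    return score / total_weight


def with_internal_usage(metrics, signals, dependents, weight=3.0, threshold=200):
    """Re-score after adding a hypothetical 'internal_dependents' metric."""
    signals = {**signals, "internal_dependents": (weight, threshold)}
    metrics = {**metrics, "internal_dependents": dependents}
    return criticality(metrics, signals)


if __name__ == "__main__":
    print(round(criticality(SAMPLE_PROJECT, BASE_SIGNALS), 3))
    print(round(with_internal_usage(SAMPLE_PROJECT, BASE_SIGNALS, 150), 3))
```

A project that looks modest on public metrics can rank higher for one organization once heavy internal use is weighted in, which is the individualized prioritization the paragraph describes.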
Identifying these critical projects is only the first step in making security improvements. OpenSSF is also exploring ways to provide maintainers of these projects with the resources they need. If you’re a maintainer of a critical software package and are interested in getting help, funding, or infrastructure to run your project, reach out to the OpenSSF’s Securing Critical Projects working group here.
By Abhishek Arya, Kim Lewandowski, Dan Lorenc and Julia Ferraioli – Google Open Source