OpenSSL Criticality Score
Nicola Tuveri
nic.tuv at gmail.com
Fri Dec 11 07:39:23 UTC 2020
Hi all,
just sharing an interesting factoid I came across today about the project.
Google, as part of the Open Source Security Foundation, yesterday released
a new project dubbed "Criticality Score", attempting (I am simplifying here
for brevity) to create a metric of "how critical" a piece of software is in
the software ecosystem.
You can read more accurate info about it here:
https://opensource.googleblog.com/2020/12/finding-critical-open-source-projects.html
They publish the collected metadata and the resulting score (based on the
formula described at <https://github.com/ossf/criticality_score>) online as
a CSV file.
Sidenote: Notice the data seems to refer only to whatever the GitHub API
for a repo says, so for example OpenSSL is only 95 months old because
that's when the GitHub mirror was created (I opened an issue about this).
Anyway, they split the data by language, and, among the analyzed C
projects, OpenSSL expectedly scores quite high, being 6th in the top 200
measured C projects.
Here is a link directly to the data:
https://commondatastorage.googleapis.com/ossf-criticality-score/index.html
Cheers,
Nicola