OpenSSL Cryticality Score

Nicola Tuveri nic.tuv at
Fri Dec 11 07:39:23 UTC 2020

Hi all,

just sharing an interesting factoid I came across today about the project.

Google, as part of the Open Source Security Foundation, yesterday released
a new project dubbed "Criticality Score", attempting (I am simplifying here
for brevity) to create a metric of "how critical" a software is in the
software ecosystem.
You can read more accurate info about it here:

They publish the collected metadata and the resulting score (based on the
formula described at <>) online as
a CSV file.

Sidenote: Notice the data seems to refer only to whatever the github API
for a repo says, so for example OpenSSL is only 95 months old because
that's when the github mirror was created (I opened an issue about this).

Anyway, they split the data by language, and, among the analyzed C
projects, OpenSSL expectedly scores quite high, being 6th in the top 200
measured C projects.

Here is a link directly to the data:


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-project mailing list