
Google has developed a rating system for open source projects


As part of its participation in the Open-Source Security Foundation (OpenSSF), Google has developed a system for ranking open source projects based on their importance to a given area. Launched by Google and its OpenSSF peers, the Criticality Score system allows organizations to determine which projects deserve more attention and who should provide support and funding first.

The Criticality Score system uses an algorithm developed by the famous programmer Rob Pike, who took part in creating the Unix, Inferno and Plan 9 operating systems and the Go and Limbo programming languages, among others.

According to the Criticality Score, the importance of an open source project to the industry is rated from 0 (minimum criticality) to 1 (maximum criticality). The assessment is based on the following criteria, each with its own coefficient:

  • Age of the project (coefficient 1);
  • Date of the last update (coefficient -1);
  • Number of participants (this criterion is key, coefficient 2);
  • The number of organizations whose members are participants (coefficient 1);
  • The frequency of adding commits (coefficient 1);
  • Number of releases in the last year (coefficient 0.5);
  • Number of updates and bug fixes for the last 90 days (coefficient 0.5);
  • Comment frequency (coefficient 1);
  • Number of projects mentioned in commit messages (this criterion is key, coefficient 2).

Organizations can also add their own criteria and change coefficient values. A project's score is computed automatically by the criticality_score utility from information in the project's repository.
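The weighted scoring described above, as an added example (not code from the article or from the criticality_score utility): it combines the coefficients listed in the article with the normalised log form log(1+S)/log(1+max(S,T)) given in the Criticality Score project's documentation. The signal names, threshold values, clamping to 0..1 and the sample projects are assumptions constructed for illustration.

```python
import math

# Coefficients as listed in the article. Signal names and thresholds (T) are
# constructed illustration values, not taken from the article or the utility.
CRITERIA = {
    # name: (coefficient, threshold)
    "age_months":          (1.0, 120),
    "months_since_update": (-1.0, 120),
    "participants":        (2.0, 5000),
    "organizations":       (1.0, 10),
    "commit_frequency":    (1.0, 1000),
    "releases_last_year":  (0.5, 26),
    "updates_fixes_90d":   (0.5, 5000),
    "comment_frequency":   (1.0, 15),
    "commit_mentions":     (2.0, 500000),
}

def term(value, threshold):
    """Normalise one signal to [0, 1]: log(1+S) / log(1+max(S, T))."""
    if value < 0:
        raise ValueError("signal values must be non-negative")
    return math.log(1 + value) / math.log(1 + max(value, threshold))

def criticality(signals, criteria=CRITERIA):
    """Weighted mean of normalised signals, clamped to the 0..1 range."""
    missing = set(criteria) - set(signals)
    if missing:
        raise KeyError(f"missing signals: {sorted(missing)}")
    total = sum(w for w, _ in criteria.values())
    if total <= 0:
        raise ValueError("coefficients must sum to a positive value")
    raw = sum(w * term(signals[k], t) for k, (w, t) in criteria.items())
    # The negative coefficient lets raw/total leave 0..1, so clamp (assumption).
    return max(0.0, min(1.0, raw / total))

# Constructed sample projects (not real measurements).
ACTIVE = {"age_months": 96, "months_since_update": 0, "participants": 1200,
          "organizations": 8, "commit_frequency": 150, "releases_last_year": 12,
          "updates_fixes_90d": 900, "comment_frequency": 4, "commit_mentions": 40000}
STALE = dict(ACTIVE, months_since_update=36)

# An organisation re-weighting one criterion, as the article says is possible.
CUSTOM = dict(CRITERIA, organizations=(3.0, 10))

if __name__ == "__main__":
    for name, s in (("active", ACTIVE), ("stale", STALE)):
        print(name, round(criticality(s), 5), round(criticality(s, CUSTOM), 5))
```

The stale project differs from the active one only in months since the last update, so the drop in its score isolates the effect of the -1 coefficient.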

Currently, several categories of critical projects have been identified, grouped by programming language. You can get acquainted with them here.
