Open Source Insider

Jul 16 2015   2:30PM GMT

Linux Foundation ‘census’ to assess planet’s project population & health

Adrian Bridgwater


The Linux Foundation’s Core Infrastructure Initiative (CII) has launched The Census Project.

The Census Project is a new programme that analyses popular open source projects to identify which ones are:

a) critical to Internet infrastructure

b) most in need of additional support

c) most in need of additional funding.

A working example


The Heartbleed vulnerability in the open source software (OSS) program OpenSSL had widespread impact and serious ramifications.

It led to the formation of the multi-million dollar Core Infrastructure Initiative backed by The Linux Foundation and industry leaders like Amazon Web Services, Facebook, Google, IBM and Microsoft.

The Census Project expands on the CII’s efforts to collaboratively identify and fund critical open source projects in need of assistance.

Project risk score analysis

The Census Project automates the collection and analysis of data on different open source projects, ultimately creating a risk score for each project based on the results.

Projects with a higher ranking are especially in need of reinforcements and funding and, as a result, CII will consider such projects priority candidates for funding. A high score means that the project may not be getting the attention that it deserves and that it merits further investigation.

“Measuring software security is an ongoing struggle that’s notoriously difficult given missing or messy data,” said Jim Zemlin, executive director at The Linux Foundation.

“There’s no perfect set of metrics to guarantee that software is secure or not. The Census Project brings the power of the open source collaboration to help fill this massive gap, which will provide a useful barometer for assessing software from a security point of view. We look forward to feedback on the effort in order to improve the census itself and subsequently the software that we all depend on for our privacy and security,” he added.

With full source and data available on GitHub, developers and security experts are invited to participate in The Census Project by experimenting with different metrics, providing corrected data, proposing new projects to include in the evaluation, and suggesting alternative formulas for combining the data.

Anyone can issue a pull request with suggested changes from the most successful alternatives.
