30.Lock Globe Motherboard

Back in 2020 Google and the Open-Source Security Foundation (OpenSSF) came up with a "Criticality Score" to rank the importance/criticality of open-source projects. The Criticality Score is a means of quantifying the importance of an open-source project such as if in need of funding or development assistance. Criticality Score 2.0 has now been published.

The Criticality Score takes into account the age of the codebase/repository, the contributor count, commit frequency, the number of releases in the past year, the number of closed and updated issues in the last 90 days, the comment frequency, the number of project mentions in commit messages, and other parameters to come up with a numerical representation between 0 and 1 for how critical a project is by this standard. The Criticality Score software can compute the score based on a GitHub repository URL.

The Criticality Score software is maintained by the Open Source Security Foundation's "Securing Critical Projects" working group. Among the most critical C language projects on GitHub are Git, the Linux kernel, PHP, OpenSSL, systemd, and curl. For the most critical Rust-written projects the list includes Rust itself, Servo, Cargo, rust-analyzer, and others. The most critical PHP projects include Symfony, Magento2, Joomla, and the Laravel Framework. Topping the Python criticality list includes the likes of SaltStack Salt, Home-Assistant Core, CPython, Scikit-Learn, and Numpy.

The link for this article located at Phoronix is no longer available.