Google has presented a rating of critical open source projects

Google has proposed a system for ranking open source projects by their degree of importance to the industry. The rating is meant to highlight critically important projects on which a great deal depends and which therefore need to be provided with resources for maintenance, development and security first. Organizations willing to fund or otherwise support development can use it to identify the projects that deserve priority attention.

Since the importance of a project is not self-evident and different criteria may apply in different areas, Google suggests using a Criticality Score, calculated with an algorithm proposed by Rob Pike, the well-known programmer who worked on Unix at Bell Labs and co-created Plan 9, Inferno and UTF-8. The algorithm combines 10 weighted signals into a single level of importance in the range from 0 (least critical) to 1 (most critical).


The calculation takes into account the number of dependent projects (key parameter), the number of developers, the lifetime of the project, the time of the last update , number of supporting organizations, average number of changes per year, number of releases per year, number of closed and updated bug reports in the last 90 days. If desired, organizations can add additional criteria based on their preference, or change the value of the proposed weights. The rating is calculated fully automatically by a specially prepared utility criticality_score based on information from the project repository.
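To make the scoring concrete, here is an added worked example of the formula, written for this page and not taken from the criticality_score tool itself. The formula is the one from Rob Pike's "Quantifying Criticality": each raw signal S_i is normalised as log(1+S_i)/log(1+max(S_i, T_i)) against a threshold T_i, and the score is the weighted average (1/Σα_i)·Σ α_i·(normalised S_i). The default weights and thresholds in DEFAULT_SIGNALS are my recollection of the tool's early defaults and are an assumption to check against the project README; the sample statistics are constructed, not a real project.

```python
import math

# Added example, not the criticality_score tool's own code.
# Weights (alpha_i) and thresholds (T_i) are an ASSUMPTION recalled from the
# original criticality_score defaults; verify against the project README.
# Units: months for the two time signals, average commits per week over the
# last year for commit_frequency, counts over the last 90 days for the issue
# and comment signals.
DEFAULT_SIGNALS = {
    # name: (weight, threshold)
    "created_since": (1, 120),
    "updated_since": (-1, 120),        # negative weight: a stale project scores lower
    "contributor_count": (2, 5000),
    "org_count": (1, 10),
    "commit_frequency": (1, 1000),
    "recent_releases_count": (0.5, 26),
    "closed_issues_count": (0.5, 5000),
    "updated_issues_count": (0.5, 5000),
    "comment_frequency": (1, 15),
    "dependents_count": (2, 500000),
}


def param_score(value, threshold):
    """Normalise one raw signal S against its threshold T.

    log(1+S) / log(1+max(S, T)) is 0 at S=0, grows logarithmically (a project
    with 10x the contributors is not 10x as critical) and saturates at exactly
    1.0 once S >= T, so no single huge signal can swamp the others.
    """
    if value < 0 or threshold <= 0:
        raise ValueError("signals must be non-negative, thresholds positive")
    return math.log(1 + value) / math.log(1 + max(value, threshold))


def criticality_score(stats, signals=DEFAULT_SIGNALS):
    """Weighted average of the normalised signals, rounded to 5 places.

    `stats` maps signal name -> raw value; a missing signal counts as 0.
    Passing a different `signals` mapping is how an organisation adds its own
    criteria or changes the weights, as the article describes.
    """
    total_weight = sum(weight for weight, _ in signals.values())
    if total_weight == 0:
        raise ValueError("weights must not sum to zero")
    weighted = sum(
        weight * param_score(stats.get(name, 0), threshold)
        for name, (weight, threshold) in signals.items()
    )
    return round(weighted / total_weight, 5)


# Constructed sample input (not real project statistics): a small, moderately
# active library that a very large number of projects depend on.
SAMPLE_LIBRARY = {
    "created_since": 96,
    "updated_since": 1,
    "contributor_count": 40,
    "org_count": 3,
    "commit_frequency": 4,
    "recent_releases_count": 6,
    "closed_issues_count": 120,
    "updated_issues_count": 150,
    "comment_frequency": 2,
    "dependents_count": 200000,
}

if __name__ == "__main__":
    for name, (_, threshold) in DEFAULT_SIGNALS.items():
        print(f"{name:>22}: {param_score(SAMPLE_LIBRARY[name], threshold):.3f}")
    print("criticality score:", criticality_score(SAMPLE_LIBRARY))
```

Two properties worth noticing when tuning weights: a project that sits exactly at every threshold scores 1.0 regardless of the weights, and because updated_since carries a negative weight, a project that is otherwise saturated but was just updated contributes nothing on that signal rather than being penalised.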

Maintainers of projects marked as critical can contact the OpenSSF (Open Source Security Foundation) if they need assistance, whether resources, financial support or infrastructure.

Currently, several categories of critical projects are distinguished, divided by the programming language used:

C projects
C++ projects
Java projects
JavaScript projects
Python projects
Rust projects
