The Core Infrastructure Initiative (CII) has announced a new project to help determine which open-source projects are critical to Internet infrastructure, and in need of additional support and funding. The Census Project is an experimental tool meant to gather metrics and prioritize projects for CII review.
“The Census Project aims to become an excellent framework for guiding CII funding to the projects most in need,” said Emily Ratliff, senior director of infrastructure security at The Linux Foundation. “CII members expect The Census Project to accelerate the process by which projects that are in need receive support and additional funds.”
The tool will score projects based on common vulnerabilities and exposures (CVEs), whether or not the project has a website, the number of contributors, the popularity of the project, network exposure and application data. Higher scores indicate the projects that may need more attention and that will be sent for CII consideration.
“Measuring software security is an ongoing struggle that’s notoriously difficult given missing or messy data,” said Jim Zemlin, executive director at The Linux Foundation. “There’s no perfect set of metrics to guarantee that software is secure or not. The Census Project brings the power of the open source collaboration to help fill this massive gap, which will provide a useful barometer for assessing software from a security point of view. We look forward to feedback on the effort in order to improve the census itself and subsequently the software that we all depend on for our privacy and security.”
According to CII, the project solidifies its commitment to transition from point fixes to preemptive solutions for open-source security.