The Wayback Machine - http://web.archive.org/web/20150905171646/https://github.com/linuxfoundation/cii-census
Automated review of open source software projects  






51 commits  

2 branches  

2 releases  

Fetching contributors  




(一) HTML  99.8%  

(二) Other  0.2%  






HTML  Other  


Branch:  master  


Switch branches/tags  





Branches  

Tags  





develop   master  

Nothing to show
 



1.1.0  

1.0.0  


Nothing to show
 




cii-census/ (latest commit 84ee133924, authored by @skhakimov: "Issue #21")




 
Failed to load latest commit information.
latest_cache Rename Util-linux-ng.xml to util-linux-ng.xml
original_cache Rename AnalogCAmie.xml to analogcamie.xml
.gitignore Initial commit
Black-Duck-Letter-6SJan2015.pdf Initial commit
ChangeLog.txt Issue #21
LICENSE Initial commit
Makefile Initial commit
OSS-2015-06-19.docx Renamed files to clarify filetypes
OSS-2015-06-19.odt Renamed files to clarify filetypes
OSS-2015-06-19.pdf Updated to final version of the whitepaper from David
README.md Added CII link
apt_cache_dumpavail.txt Initial commit
by_inst Updated popularity numbers 7 Aug 2015
dataflow-analysis.pptx Updated to reflect current dataflow
oss_package_analysis.py Popularity measure Issue #21
projects_to_examine.csv rename openhub_name to openhub_lookup_name
results.csv Updated Results per Issue #21
sqlite_results.sh Merge branch 'develop'
README.md  

Core Infrastructure Initiative Census


Automated review of open source software projects

This project contains programs and documentation to help identify open source software (OSS) projects that may need additional investment to improve security.

Key files include:


OSS-2015-06-19.pdf: Detailed documentation about this work.

projects_to_examine.csv: CSV file listing OSS projects to be examined, as well as data that requires human input

oss_package_analysis.py: Python program that reads projects_to_examine.csv to determine the OSS projects to examine. It gathers data from a variety of data sources, caching where it can, and produces results.csv.

results.csv: CSV file listing OSS projects and related metrics.

by_inst: Debian popularity statistics from http://popcon.debian.org/by_inst (you can get this from http://popcon.debian.org/ by selecting "Statistics for the whole archive sorted by fields").


The Python analysis program is released under the MIT license. It requires BeautifulSoup and an API key from Black Duck Open Hub to work.

The documentation is released under the Creative Commons CC-BY license.

Some supporting data was sourced from the Black Duck Open HUB (formerly Ohloh), a free online community resource for discovering, evaluating, tracking and comparing open source code and projects. We thank Black Duck for the data!

Description of this project


The Heartbleed vulnerability in OpenSSL highlighted that while some open source software (OSS) is widely used and depended on, vulnerabilities can have serious ramifications, and yet some projects have not received the level of security analysis appropriate to their importance. Some OSS projects have many participants, perform in-depth security analyses, and produce software that is widely considered to have high quality and strong security. However, other OSS projects have small teams that have limited time to do the tasks necessary for strong security. The trick is to identify which critical projects fall into the second bucket.

We have focused on automatically gathering metrics, especially those that suggest less active projects. We also provided a human estimate of the program's exposure to attack, and developed a scoring system to heuristically combine these metrics. These heuristics identified especially plausible candidates for further consideration. For our initial set of projects to examine, we took the set of packages installed by Debian base and added a set of packages that were identified as potentially concerning.
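The paragraph above describes the shape of the analysis (machine-gathered activity metrics, a human exposure estimate, and a heuristic score that combines them) without showing it. The following is an added illustration of that pipeline, not the project's own oss_package_analysis.py and not its actual scoring scheme: the CSV column names, the metric names, the weights and thresholds, the sample projects, and the assumed layout of the popcon by_inst excerpt are all constructed for this example.

```python
"""Illustrative heuristic scoring of OSS projects.

Added example; NOT the cii-census project's own code or scoring.
Assumptions (not from the README): the column names in the constructed
projects CSV, the metric names and the weights/thresholds below are
hypothetical. The by_inst excerpt follows the Debian popcon by_inst
layout as assumed here (rank, name, inst, vote, old, recent, no-files,
maintainer), with '#' comment lines.
"""
import csv
import io

# Constructed stand-in for projects_to_examine.csv. exposure_to_attack (0..3)
# models the human-supplied field the README mentions; the rest are
# hypothetical machine-gathered metrics.
PROJECTS_CSV = """\
project,exposure_to_attack,contributors_12m,commits_12m,cves_3y
libexample,3,1,4,2
widgetd,1,12,310,0
netparse,2,2,15,1
"""

# Constructed excerpt in the assumed popcon by_inst style.
BY_INST_TXT = """\
#rank name                            inst  vote   old recent no-files (maintainer)
1     libexample                     150000 120000 20000 10000 0 (Example Maintainer)
2     netparse                        90000  70000 15000  5000 0 (Another Maintainer)
3     widgetd                         50000  30000 15000  5000 0 (Third Maintainer)
"""


def parse_by_inst(text):
    """Return {package: install_count} from by_inst-style text (assumed format)."""
    installs = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split()
        # fields[0]=rank, fields[1]=name, fields[2]=inst, ...
        installs[fields[1]] = int(fields[2])
    return installs


def popularity_bucket(inst, max_inst):
    """Map an install count to 0..3 relative to the most-installed package."""
    if max_inst <= 0 or inst <= 0:
        return 0
    frac = inst / max_inst
    if frac >= 0.5:
        return 3
    if frac >= 0.2:
        return 2
    return 1


def risk_score(row, installs, max_inst):
    """Hypothetical additive heuristic: higher means 'look at this one first'."""
    score = int(row["exposure_to_attack"])                # human estimate, 0..3
    score += popularity_bucket(installs.get(row["project"], 0), max_inst)
    if int(row["contributors_12m"]) <= 2:                 # very small team
        score += 1
    if int(row["commits_12m"]) < 50:                      # low recent activity
        score += 1
    score += min(int(row["cves_3y"]), 2)                  # prior CVEs, capped
    return score


def analyze(projects_csv, by_inst_text):
    """Combine the inputs into result rows, most concerning first."""
    installs = parse_by_inst(by_inst_text)
    max_inst = max(installs.values(), default=0)
    rows = []
    for row in csv.DictReader(io.StringIO(projects_csv)):
        rows.append({
            "project": row["project"],
            "installs": installs.get(row["project"], 0),
            "risk_score": risk_score(row, installs, max_inst),
        })
    return sorted(rows, key=lambda r: r["risk_score"], reverse=True)


def results_csv(rows):
    """Serialise result rows as CSV text (the shape of a results.csv)."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["project", "installs", "risk_score"],
                            lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(results_csv(analyze(PROJECTS_CSV, BY_INST_TXT)))
```

The ordering that falls out (libexample, then netparse, then widgetd) is driven by the combination of high exposure, wide deployment and a small, quiet team, which is exactly the "second bucket" the paragraph describes; the real project's weights and metric sources are documented in OSS-2015-06-19.pdf, not here.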

We invite you to contribute in the following ways:


fork the repository and try different metrics and heuristics. Send us pull requests for the ones that you find experimentally make the most sense.

fork the repository and try different data sources.

review the data in projects_to_examine.csv and send corrections and elaborations.

suggest more projects to consider in the future.

open an issue to mention additional relevant literature in the field.

Background


This work was sponsored by the Linux Foundation's Core Infrastructure Initiative.