Google Plans to Calculate ‘Criticality’ Scores for Open Source Projects

Programming columnist Mike Melanson writes:
As part of its involvement in the recently announced Open Source Security Foundation (OpenSSF), Google has penned a blog post outlining one of the first steps it will take as part of this group, with an attempt at finding critical open source projects.

“Open source software (OSS) has long suffered from a ‘tragedy of the commons’ problem,” they write. “Most organizations, large and small, make use of open source software every day to build modern products, but many OSS projects are struggling for the time, resources and attention they need.”

So as a way to address this problem, and help fund those projects that need funding, Google is releasing the Criticality Score project. The project gives projects a criticality score (a number between 0 and 1) that is “is derived from various project usage metrics” such as “a project’s age, number of individual contributors and organizations involved, user involvement (in terms of new issue requests and updates), and a rough estimate of its dependencies using commit mentions.” From there, you can also add your own metrics, if you see fit…

Abhishek Arya, one of the project’s creators, points out that the project is still in its initial phases and welcoming feedback on “any ideas on metrics we can use.” Arya also notes that the project is currently limited to ranking open source projects hosted on GitHub, but “will be expanding to our source control system in the near future.”

“Though we have made some progress on this problem, we have not solved it and are eager for the community’s help in refining these metrics to identify critical open source projects,” the blog post announcing the project concludes.