wg-securing-critical-projects
criticality_score
wg-securing-critical-projects | criticality_score | |
---|---|---|
15 | 13 | |
312 | 1,282 | |
3.2% | 0.6% | |
5.1 | 8.6 | |
6 days ago | 5 days ago | |
Go | ||
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
wg-securing-critical-projects
- Adressing Misconceptions
-
Iām aware that the template is kinda bad
1.https://www.privacyguides.org/basics/threat-modeling/ 2. https://www.privacyguides.org/linux-desktop/overview/ 3. https://www.privacyguides.org/basics/common-threats/#common-misconceptions 4. https://madaidans-insecurities.github.io/linux.html 5. Founder of Qubes 6. https://twitter.com/justinschuh/status/1190347400885329920 7. https://github.com/ossf/wg-securing-critical-projects/blob/main/presentations/The_state_of_the_Linux_kernel_security.pdf 8. https://grsecurity.net/10_years_of_linux_security.pdf 9. https://grsecurity.net/~spender/interview_notes.txt 10. https://twitter.com/grsecurity/status/1249850031357788162 11. https://seclists.org/oss-sec/2019/q2/165 12. https://arxiv.org/abs/2105.14565 13. https://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html 14. https://chromium.googlesource.com/chromiumos/docs/+/HEAD/sandboxing.md 15. https://docs.microsoft.com/en-us/windows/uwp/security/intro-to-secure-windows-app-development#41-windows-app-model
- Linux may be Private, but it is not secure. Although Privacy is not that useful without security. The misconception that opensource is secure baffles me.
- ossf/wg-securing-critical-projects: Helping allocate resources to secure the critical open source projects we all depend on.
-
Google wants to work with government to secure open-source software
[3] https://github.com/ossf/wg-securing-critical-projects#how-we...
-
How impactful is free and open source software development?
It's security-specific, but I appreciate that in the wake of Heartbleed, the industry really did take things seriously, from the Linux Foundation's Core Infrastructure Initiative (now OpenSSF's Securing Critical Projects Working Group) to Project Zero, the latter of which is still quite active testing everything from Windows filesystem "filter drivers" to Apple's ImageIO library to old versions of Acroread to GhostScript sandboxing.
- If you want HDR content from the web to display properly on a retina display, use a Chromium-based browser.
- The State of the Linux Kernel Security (2020)
- The_state_of_the_Linux_kernel_security(2020) [pdf]
-
Microsoft pulls Windows 10 AMD driver causing PCs not to boot
I am not sure point you are making here? Are you saying linux is freaking stable, not even linux kernel developers gonna agree with you! (https://github.com/ossf/wg-securing-critical-projects/blob/main/presentations/The_state_of_the_Linux_kernel_security.pdf)
criticality_score
- Open Source Project Criticality Score
-
Open source public fund experiment - One and a half years update
TL;DR: I could extend the Criticality Score algorithm with usage metrics from Ecosyste.ms API and apply it to all open source accounts under the Open Collective, so we have a new ranking now! I also made it possible to change the weights of each parameter so that you can try the algorithm by yourself.
-
Discover Awesome Python projects
As mentioned in the description, the score is based on the OpenSSF criticality score. I dropped some of the features that are difficult to get from GitHub due to crawl limits, as well as changing some weights.
- criticality_score - Gives criticality score for an open source project
- ossf/criticality_score: Gives criticality score for an open source project
-
Is Spring still relevant and how do you know?
I am doing some research based on the criticality scores assigned by this project to different technologies: https://github.com/ossf/criticality_score
-
'Securing Open Source Software Act' Introduced to US Senate
LF OpenSSF "criticality score" for 100,000 Github repos, https://github.com/ossf/criticality_score & https://docs.google.com/spreadsheets/d/1uahUIUa82J6WetAqtxCM...
> Generate a criticality score for every open source project. Create a list of critical projects that the open source community depends on. Use this data to proactively improve the security posture of these critical projects ... A project's criticality score defines the influence and importance of a project. It is a number between 0 (least-critical) and 1 (most-critical). It is based on the following algorithm by Rob Pike
Top 20 projects:
> node, kubernetes, rust, spark, nixpkgs, cmsSW, tensorflow, symfony, DefinitelyTyped, git, azure-docs, magento2, rails, ansible, pytorch, PrestaShop, framework, ceph, php-src, linux
- Google wants to work with government to secure open-source software
-
Open source public fund experiment
For more information, please check the Criticality Score repo itself.
- Quantifying Criticality [pdf]
What are some alternatives?
vello - An experimental GPU compute-centric 2D renderer.
AutoGPT - AutoGPT is the vision of accessible AI for everyone, to use and to build on. Our mission is to provide the tools, so that you can focus on what matters.
itpol - Useful IT policies
wg-best-practices-os-developers - The Best Practices for OSS Developers working group is dedicated to raising awareness and education of secure code best practices for open source developers.
repo
criticality_score - Gives criticality score for an open source project
filmulator-gui - Filmulator --- Simplified raw editing with the power of film
awesome-python - š Hand-picked awesome Python libraries and frameworks, organised by category