dcsommer 3 days ago
It would be cool to build a "library clout" measure for all open source software. First collect for all deployed software systems measures of usage per platform and along other interesting dimensions like how that system relates to others (is it a common dependency or platform for other deployed software). Use this to generate "clout" at a deployed software unit level. Then detect all open source libraries compiled in it by binary signature matching or through the software's own build system if it is open. Then a library's "clout" is built from the clout of the projects that use it. This clout score might be used to guide investments in a non-profit for funding critical OSS. Data collection would be challenging though, as would calibrating need. Basically make a rigorous score to track some of the intuition from https://xkcd.com/2347/
phi-go 3 days ago
There is one, though, focused on security: https://openssf.org/projects/criticality-score/
soulcutter 3 days ago
Sounds like Tidelift