Identifying Critical Open-Source Projects

St. Pölten UAS Researchers Develop New Online Platform

In their project CrOSSD (Towards a Critical Open-Source Software Database), researchers of the St. Pölten University of Applied Sciences developed the platform “health.crossd.tech” that can identify important and critical open-source software projects (OSS) and measure their “health status” through automated analyses. The platform serves as a decision-making aid in the selection of open-source software. The project received funding for innovative projects from netidee.

Open-source software projects are used by countless (national) companies and public authorities. So far, however, there has been no efficient way of examining or automatically reviewing the “health condition” of these OSS. The new platform CrOSSD makes this possible and can be used as a tool to facilitate decision-making.

The responsible project team members from the Institute of IT Security Research at the St. Pölten UAS – Tobias Dam, Lukas Daniel Klausner, and Sebastian Neumaier – thus made a valuable contribution to the transparent and critical assessment of OSS projects.

“The purpose of CrOSSD is to support OSS projects in assessing their own ‘health’ and to help institutions, funding bodies, etc. to provide critical OSS projects with the necessary resources for stable, resilient operation”, emphasises Tobias Dam, the platform’s main developer.

First Comprehensive Analysis for OSS Projects

The objective of CrOSSD was to investigate the status quo regarding the “health” of OSS projects (especially critical ones). “Health” was defined using various metrics such as stability, resilience, security, and compliance. Previous approaches offered only the metrics, best practices, and possibly scores for individual aspects – but no extensive analysis, holistic assessment, or continuous evaluation of these metrics in large open-source projects.

Application of Automatable Metrics

Diverse metrics are used within the platform based on the following aspects:

  • Community: The number and diversity of people involved are indicators of a community’s health.
  • Development and Activity: Activity indicators include the commits carried out by participants as well as releases, branches, and forks of a project.
  • Criticality: In this context, important pieces of information are a project’s dependencies and known (security) weaknesses.
  • Compliance: Compliance refers to the ability of OSS projects to function in a stable manner. Indicators are the adherence to best practices and security guidelines.

The project results offer a comprehensive overview of the health status of OSS projects and make it easier for developers, service providers, and interest groups to take well-informed decisions.
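As an added illustration of what "automatable metrics" in these four groups can look like, the following Python script computes simple community, activity, criticality, and compliance indicators from a constructed project snapshot and turns them into a short list of risk flags. This is example code written for this page, not code from the CrOSSD project or the health.crossd.tech platform; the `Project` record, the 90-day and 365-day windows, the 50% bus-factor threshold, and the three best-practice checks are all assumptions chosen for the demonstration.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Project:
    """Raw facts the four metric groups are computed from (hypothetical schema)."""
    name: str
    commits: list            # (author, date) pairs
    releases: list           # release dates
    forks: int
    dependencies: list       # names of direct dependencies
    known_weaknesses: int    # published security advisories not yet fixed
    has_security_policy: bool
    has_license: bool
    has_ci: bool


def bus_factor(commits, share=0.5):
    """Smallest number of contributors who together authored `share` of all commits.
    A value of 1 means a single person carries at least half of the work."""
    counts = Counter(author for author, _ in commits)
    total = sum(counts.values())
    covered = 0
    for n, c in enumerate(sorted(counts.values(), reverse=True), start=1):
        covered += c
        if covered >= share * total:
            return n
    return len(counts)


def community_metrics(p):
    # Number and concentration of people involved
    return {"contributors": len({a for a, _ in p.commits}),
            "bus_factor": bus_factor(p.commits)}


def activity_metrics(p, as_of, commit_window=90, release_window=365):
    # Commits, releases and forks inside the chosen time windows (assumed values)
    since_commits = as_of - timedelta(days=commit_window)
    since_releases = as_of - timedelta(days=release_window)
    return {"recent_commits": sum(1 for _, d in p.commits if d >= since_commits),
            "recent_releases": sum(1 for d in p.releases if d >= since_releases),
            "forks": p.forks}


def criticality_metrics(p):
    # Dependencies and known (security) weaknesses
    return {"dependencies": len(p.dependencies),
            "known_weaknesses": p.known_weaknesses}


def compliance_metrics(p):
    # Adherence to best practices; the three checks are illustrative only
    checks = {"security_policy": p.has_security_policy,
              "license": p.has_license,
              "ci": p.has_ci}
    return {"checks": checks,
            "score": round(sum(checks.values()) / len(checks), 2)}


def health_report(p, as_of):
    return {"community": community_metrics(p),
            "activity": activity_metrics(p, as_of),
            "criticality": criticality_metrics(p),
            "compliance": compliance_metrics(p)}


def risk_flags(report):
    """Turn the metrics into plain-language warnings a decision maker can act on."""
    flags = []
    if report["community"]["bus_factor"] <= 1:
        flags.append("half of all commits come from a single contributor")
    if report["activity"]["recent_commits"] == 0:
        flags.append("no commits in the activity window")
    if report["criticality"]["known_weaknesses"] > 0:
        flags.append("open security advisories")
    for name, ok in report["compliance"]["checks"].items():
        if not ok:
            flags.append(f"missing best-practice item: {name}")
    return flags


# Constructed sample snapshot: one dominant contributor, one open advisory, no CI.
AS_OF = date(2024, 6, 30)
SAMPLE = Project(
    name="example-lib",
    commits=[("alice", date(2024, 6, 1))] * 3 + [("alice", date(2024, 3, 1))] * 3
            + [("bob", date(2024, 5, 15))] * 2 + [("bob", date(2023, 12, 1)),
                                                   ("carol", date(2024, 2, 10))],
    releases=[date(2024, 5, 1), date(2023, 11, 1), date(2023, 1, 15)],
    forks=42,
    dependencies=["requests", "urllib3", "idna"],
    known_weaknesses=1,
    has_security_policy=True,
    has_license=True,
    has_ci=False,
)

if __name__ == "__main__":
    report = health_report(SAMPLE, AS_OF)
    for group, values in report.items():
        print(f"{group}: {values}")
    for flag in risk_flags(report):
        print("WARNING:", flag)
```

For the sample project the report shows three contributors but a bus factor of 1, five commits in the last 90 days, two releases in the last year, one open advisory, and a compliance score of 0.67, which the flag list summarises as a single-contributor dependency, open advisories and the missing CI check. A real platform would fetch these facts from repository and advisory APIs and re-run the computation continuously; the point of the example is only that each group on the list above can be reduced to measurements that are cheap to automate.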

netidee Project Funding

For their innovative project, the researchers succeeded in securing one of the much sought-after project funding grants from netidee. The funding programme netidee is the biggest internet funding campaign in Austria. It promotes projects that provide effective impulses for the further development and use of the internet to support the favourable development of society.

Contact: Dipl.-Ing. Dr. Sebastian Neumaier, BSc, Senior Researcher, Institute of IT Security Research, Department of Computer Science and Security