Hi all, just sharing an interesting factoid I came across today about the project.
Google, as part of the Open Source Security Foundation, yesterday released a new project dubbed "Criticality Score", attempting (I am simplifying here for brevity) to create a metric of "how critical" a software is in the software ecosystem. You can read more accurate info about it here: https://opensource.googleblog.com/2020/12/finding-critical-open-source-projects.html They publish the collected metadata and the resulting score (based on the formula described at <https://github.com/ossf/criticality_score>) online as a CSV file. Sidenote: Notice the data seems to refer only to whatever the github API for a repo says, so for example OpenSSL is only 95 months old because that's when the github mirror was created (I opened an issue about this). Anyway, they split the data by language, and, among the analyzed C projects, OpenSSL expectedly scores quite high, being 6th in the top 200 measured C projects. Here is a link directly to the data: https://commondatastorage.googleapis.com/ossf-criticality-score/index.html Cheers, Nicola
