Census III Report Details FOSS Health and Security Findings

The report studied the most common packages used at the application library level.

Much of the most widely used free and open source software (FOSS) is still developed by only a handful of contributors, according to the Census III report from LF Research, OpenSSF, and the Laboratory for Innovation Science at Harvard.

For the report, the researchers aimed to determine the most widely used FOSS deployed within applications by private and public organizations. Using data from FOSSA, Snyk, Sonatype, and Black Duck, they gathered detailed usage information related to the health and security of FOSS, including use of outdated versions, project staffing, and known security vulnerabilities.

High-level findings in the report include:

  • Use of standardized naming schema for software components is needed.
  • Much of the most widely used FOSS is developed by only a handful of contributors.
  • Individual developer account security is increasingly important.
  • Legacy software persists in the open source space.

Findings related to specific packages include:

  • The use of cloud service-specific packages is increasing.
  • Transition from Python 2 to Python 3 is ongoing.
  • There is continued widespread use of Maven packages and an increased prevalence of NuGet and Python packages.
  • There has been a considerable increase in the use of components from Rust package repositories since Census II.

Read the complete report at Linux Foundation.
12/16/2024
