Google Comes Up With A Metric For Gauging Critical Open-Source Projects

Written by Michael Larabel in Google on 10 December 2020 at 12:53 PM EST. 17 Comments
Google as part of their involvement in the Open-Source Security Foundation (OpenSSF) has devised the "Criticality Score" as a means of judging crucial open-source projects.

In order for being able to determine projects in need of support for funding or development assistance, Google with the other OpenSSF parties came up with the "Criticality Score" as a 0 to 1 metric for indicating a project's criticalness.

The Criticality Score is calculated based on the age of the project, the last time it was updated, the number of contributors to the project, the number of organizations that contributors belong to, the commit frequency, the releases over the past year, the number of updated and closed issues in the last 90 days, the comment frequency, and the number of project mentions in the commit messages.

According to their automated scoring, the top ten C-based projects rated by the Cruciality Score include Git, the Linux kernel (actually in spots 2 and 3, with the 2nd place spot coming ahead of mainline Linux being the Raspberry Pi Linux kernel), PHP, OpenSSl, systemd, Curl, U-Boot, QEMU, and Mbed-OS.

Their ten most critical C++ projects include Tensorflow, Ceph, PyTorch, Bitcoin, Electron, Marlin, Cataclysm-DDA, LLVM, RocksDB, and QGIS.

Meanwhile for Java projects the top 10 includes ElasticSearch, Flink, Spring-Boot, Hadoop, Netty, Jenkins, Beam, Bazel, Alluxio, and PMD.

Google announced the Criticality Score today and for those wanting to learn more about the Criticality Score or even try it out on arbitrary Git repositories can find out more via ossf/criticality_core on GitHub.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week