Learn more about the Core Infrastructure Initiative (CII) and the importance of investing in open source software security.

Open Source Security Census: Open Source Software Projects Needing Security Investments

Authors: David A. Wheeler, Project Leader (Institute for Defense Analyses) & Samir Khakimov (Institute for Defense Analyses)

This document captures information gathered as part of our process to help identify open source software (OSS) projects that may need investment for security. It summarizes a brief literature search on ways to measure this need and then describes the results we have captured so far.


---

Census Project Summary (A Short Summary of the Open Source Security Census: Open Source Software Projects Needing Security Investments White Paper)

Author: Core Infrastructure Initiative

The Census Project represents CII’s current view of the open source ecosystem and of which projects are at risk and are therefore strong candidates to receive CII funding. It does not assess the security of the projects themselves. CII members expect The Census Project to accelerate the process by which projects in need receive more resources. We look forward to feedback on the effort in order to improve the census itself and subsequently the software that we all depend on for our privacy and security.


---

Fuzzing Project Reports

Author: Hanno Böck

These documents are the quarterly reports from the Fuzzing Project on bugs found, project happenings and other observations made while executing fuzz tests on key open source projects.

Download July 2015

Download September 2015

Download December 2015