Learn more about the Core Infrastructure Initiative (CII) and the importance of investing in open source software security.
Open Source Security Census: Open Source Software Projects Needing Security Investments
Authors: David A. Wheeler, Project Leader (Institute for Defense Analyses) & Samir Khakimov (Institute for Defense Analyses)
This document provides information captured as part of our process to help identify open source software (OSS) projects that may need investment for security. It captures a brief literature search of ways to try to measure this and then describes the results we have captured so far.
Census Project Summary (A Short Summary of the Open Source Security Census: Open Source Software Projects Needing Security Investments White Paper)
Author: Core Infrastructure Initiative
The Census Project represents CII’s current view of the open source ecosystem and which projects are at risk, and therefore strong candidates to receive CII funding. It does not assess the security of the projects themselves. CII members expect The Census Project to accelerate the process by which projects in need receive more resources. We look forward to feedback on the effort in order to improve the census itself and subsequently the software that we all depend on for our privacy and security.
Fuzzing Project Reports
Author: Hanno Böck
These documents are the quarterly reports from the Fuzzing Project on bugs found, project happenings, and other observations made while executing fuzz tests on key open source projects.