Publications
- 2022
Census II of Free and Open Source Software - Application Libraries
By: Frank Nagle, James Dana, Jennifer Hoffman, Steven Randazzo and Yanuo Zhou
Abstract
Produced in partnership with Harvard Laboratory for Innovation Science (LISH) and the Open Source Security Foundation (OpenSSF), Census II is the second investigation into the widespread use of Free and Open Source Software (FOSS). The Census II effort utilizes data from partner Software Composition Analysis (SCA) companies including Snyk, the Synopsys Cybersecurity Research Center (CyRC), and FOSSA. The aggregated data includes over half a million observations of FOSS libraries used in production applications at thousands of companies, aiming to shed light on the most commonly used FOSS packages at the application library level. This effort builds on the Census I report that focused on the lower level critical operating system libraries and utilities, improving our understanding of the FOSS packages that software applications rely on. Such insights will help identify critical FOSS packages to allow resource prioritization to address security issues in this widely used software.
Citation
Nagle, Frank, James Dana, Jennifer Hoffman, Steven Randazzo, and Yanuo Zhou. "Census II of Free and Open Source Software - Application Libraries." White Paper, Linux Foundation and Laboratory for Innovation Science at Harvard, March 2022.