Census II of Free and Open Source Software — Application Libraries

Abstract

Produced in partnership with the Harvard Laboratory for Innovation Science (LISH) and the Open Source Security Foundation (OpenSSF), Census II is the second investigation into the widespread use of Free and Open Source Software (FOSS). The Census II effort uses data from partner Software Composition Analysis (SCA) companies, including Snyk, the Synopsys Cybersecurity Research Center (CyRC), and FOSSA. The aggregated data includes over half a million observations of FOSS libraries used in production applications at thousands of companies, and aims to shed light on the most commonly used FOSS packages at the application library level. This effort builds on the Census I report, which focused on lower-level critical operating system libraries and utilities, and improves our understanding of the FOSS packages that software applications rely on. Such insights will help identify critical FOSS packages so that resources can be prioritized to address security issues in this widely used software.

Authors

  • Frank Nagle, Harvard Business School
  • James Dana, Harvard Business School
  • Jennifer Hoffman, Laboratory for Innovation Science at Harvard
  • Steven Randazzo, Laboratory for Innovation Science at Harvard
  • Yanuo Zhou, Harvard Business School

More About LF Research

Open source communities are at the heart of an explosion of technical innovation, where industry leaders, engineers, and end users are collectively creating and improving the digital infrastructure on which the global economy depends.

With an extensive community of members, connections with thousands of companies, and hundreds of thousands of open source contributors, professionals, solution providers, and users, the Linux Foundation is in a unique position to investigate the growing scale of open source collaboration and to provide insights into emerging technology trends, best practices, and the global impact of open source projects.

By leveraging project databases and networks, and through a commitment to best practices in quantitative and qualitative methodologies, Linux Foundation Research is designed to be the go-to repository for open source insights for the benefit of organizations and governments the world over.