
Ideas for Criticality Score V2 from WG discussions

Open inferno-chromium opened this issue 4 years ago • 4 comments

https://docs.google.com/document/d/1LQCeihQQ_N6phUSixfAJMUnu5XbTEBjChLFa3CwyWAw/edit#heading=h.uerhnqr9ckrs

inferno-chromium avatar Feb 06 '21 17:02 inferno-chromium

@coni2k @nuthanmunaiah @naveensrinivasan - fyi in case you have ideas on this problem.

inferno-chromium avatar Feb 06 '21 17:02 inferno-chromium

Thanks for sharing the document @inferno-chromium. I will check the CII links/reports later on. I was already curious about the details: how are you planning to fund the projects once we have a proper output, etc. I just joined the email list and am planning to join the next meeting. So, hopefully we can meet & discuss these details in the meeting.

coni2k avatar Feb 07 '21 18:02 coni2k

@inferno-chromium Have we considered a PageRank-style way of computing the criticality score? For instance, assuming kernel is a critical project, the criticality score of a project (say foo) that kernel depends on must be compounded, given the fact that a vulnerability in foo can have widespread impact given the criticality of kernel.

nuthanmunaiah avatar Feb 11 '21 16:02 nuthanmunaiah

I would also like to know which projects (and their criticality) influence the score (think PageRank).

kerberosmansour avatar Jun 03 '21 17:06 kerberosmansour
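
The PageRank-style propagation suggested in the two comments above, sketched as an added example that is not part of the original thread or of the criticality_score code base. The project names, base scores, dependency edges and the 0.85 damping factor are constructed assumptions; `propagate` and `influencers` are hypothetical helper names.

```python
# Constructed sample data: base scores stand in for each project's standalone
# criticality score; DEPENDS_ON maps a project to the projects it depends on.
BASE = {"kernel": 0.9, "app": 0.3, "foo": 0.2, "bar": 0.2}
DEPENDS_ON = {"kernel": ["foo"], "app": ["foo", "bar"], "foo": [], "bar": []}


def propagate(base, depends_on, damping=0.85, tol=1e-12, max_iter=1000):
    """Personalized PageRank: score flows from a project to its dependencies."""
    total = sum(base.values())
    # The teleport vector is the normalized base score, so a project that is
    # critical on its own keeps weight even if nothing depends on it.
    teleport = {p: s / total for p, s in base.items()}
    rank = dict(teleport)
    for _ in range(max_iter):
        # Projects with no dependencies are dangling nodes; their mass is
        # redistributed through the teleport vector so the scores sum to 1.
        dangling = sum(rank[p] for p in base if not depends_on.get(p))
        new = {p: (1 - damping + damping * dangling) * teleport[p] for p in base}
        for p, deps in depends_on.items():
            for d in deps:
                new[d] += damping * rank[p] / len(deps)
        delta = sum(abs(new[p] - rank[p]) for p in base)
        rank = new
        if delta < tol:
            break
    return rank


def influencers(project, rank, depends_on, damping=0.85):
    """Score each direct dependent passes to `project`, largest first."""
    parts = {p: damping * rank[p] / len(deps)
             for p, deps in depends_on.items() if project in deps}
    return sorted(parts.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    scores = propagate(BASE, DEPENDS_ON)
    for name, score in sorted(scores.items(), key=lambda kv: -kv[1]):
        print(f"{name:8s}{score:.4f}")
    print("foo is influenced by:", influencers("foo", scores, DEPENDS_ON))
```

With this sample graph, foo and bar start from the same base score, but foo ends up ranked above kernel because kernel depends on it, and `influencers` shows which dependents account for that.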