Despite its widespread use throughout myriad industries, the economic impact of Free and Open Source Software (FOSS) is poorly understood and poorly measured. Further, due to the decentralized nature of the OSS development process, security issues are not always addressed in a timely manner.
The Laboratory for Innovation Science at Harvard has partnered with the Linux Foundation to establish the Core Infrastructure Initiative (CII) - a network of researchers and practitioners from across academia, government, nonprofit, and industry working to advance the field of open source software. The CII will examine the prevalence, impact, and durability of FOSS in the economy via research and engagement with the community that will engender the adoption of beneficial norms and effective practices to enhance the security and efficacy of all FOSS projects.
Through the creation of a shared data repository, the CII aims to take a census of all FOSS projects in the economy, identify critical open source projects, measure their economic value and work in partnership with FOSS leaders and community members to identify security issues and to enshrine security and quality as valued norms and best practices.
In February 2020, CII released the Census II analysis and report, which identifies the most commonly used FOSS components in production applications, derived from private usage data sets contributed by Software Composition Analysis (SCA) and application security companies, including developer-first security company Snyk and Synopsys. This report is the next of many steps intended to inform new tools and standards that can support the trusted and transparent creation, distribution, and consumption of open source software.