It is always thought that the most important projects in terms of open source are the programs, the software. But we always forget something even more vital, and that without it all those other projects (Linux, Apache, LibreOffice, WINE, Firefox, KDE Plasma, etc.) would not be possible. I mean The libraries on which all this software depends, in fact, they are critical pieces, since if they are missing or if they have any problem, they can devastate a multitude of projects (see cases like sabotage to one of these libraries or the impact of the vulnerability in log4j).
For this reason, the LISH o Laboratory for the Science of Innovation at Harvard, in collaboration with the OpenSSF full Linux Foundation, have made a comprehensive study of the importance of open source libraries. Some libraries that are used for many open source and free software projects, as well as being present in production systems of thousands of companies around the world.
In the study, a large sample was taken from a multitude of companies that provided data. And not only with the aim of learning about the most popular libraries, but also helping shield these projects due to their importance., both from the point of view of dependence on them and from the point of view of security, since any vulnerability in any of them would affect thousands of systems (banks, schools, companies, governments, hospitals, etc.). industry, vehicles, homes,…).
In addition, in this study, Harvard University has highlighted the need for:
- Have standardized names.
- Simplify complexity for version control.
- Much of the FOSS library projects sometimes depend on a few people or one person. And, on many occasions, without resources.
- Improve security.
- Clean up legacy software in the open source space. Running projects that are too crude and old is risky.
More information - View PDF of report 1
More information - View PDF of report 2