CrOSSD – Towards a Critical Open-Source Software Database

Develops an assessment tool for open source projects.

Background & Project Content

Open-source software (OSS) projects are based on a self-organized structure. They are carried out by groups of developers who share experiences, information, and ideas, and work together to create solutions that are freely available. Many businesses and government organizations intend to employ OSS or already do so, but it is often unclear whether it sufficiently satisfies all their requirements.

As part of the CrOSSD project, we are developing a platform that helps to check the quality of OSS projects and to facilitate decision making when picking a product. In contrast to existing metrics, best practices and scores used to determine the "health" of OSS projects, we pursue a holistic approach and rely on various metrics (covering stability, resilience, security and compliance, among others) instead of focusing on only one specific aspect.

Target groups

CrOSSD is aimed at different target groups. One of them is the OSS communities themselves, who can use the CrOSSD platform to raise the visibility of their projects and as a result attract long-term support. Additionally, CrOSSD can improve coordination between developers, who frequently come from diverse industries and can be spread around the globe.

Another target group comprises institutions, funding agencies, public authorities, commercial stakeholders, foundations, etc., who are generally willing to support OSS projects, but need more information to be able to do so effectively and to make better decisions about the type of support.

The CrOSSD platform also benefits software developers, as they use OSS libraries for professional purposes or develop software with them. For this, they need more information about the “health state” of OSS projects.

Methods and functional scope

Quantitative and qualitative metrics are developed in the project. The quantitative metrics rely on, for instance, metadata about contributors, information about the most recent changes (commits), reported vulnerabilities (security metrics) and download rates (relevance metrics), which give insight into the popularity of a project. Qualitative metrics include, for example, sustainability criteria, activity indicators, and security policies.

The CrOSSD platform is promoted at numerous meet-ups and used in classrooms to maximize its impact. Relevant communities, development platforms, and corporate partners are contacted and involved. First results have already been presented at scientific conferences (including The Web Conference 2023).

Impact

Many current Internet technologies have their roots in OSS projects. Therefore, assessments of OSS projects are required to guarantee high standards of quality. With CrOSSD, we offer the OSS community a tool that performs such assessments and reports on a project's modifications and its "health status". Both quantitative and qualitative metrics are used for this aim and made available on an open platform.

Diverse Internet use is based on a robust OSS ecosystem. The CrOSSD platform highlights this diversity and, apart from the large, already well-known and popular projects, also puts alternative, local (Austrian) OSS projects in the spotlight.

Further Information:

Website: https://crossd.tech/

Netidee: https://www.netidee.at/crossd

GitHub: https://github.com/FH-CrOSSD

Press release: https://science.apa.at/power-search/15750441504919008005

You want to know more? Feel free to ask!

Senior Researcher Institute of IT Security Research
Department of Computer Science and Security
Location: B - Campus-Platz 1

Funding: IPA (Netidee)

Runtime: 04/01/2023 – 03/31/2024

Status: finished

Involved Institutes, Groups and Centers: Forschungsgruppe Data Intelligence; Institute of IT Security Research