The Linux Foundation and the Lab for Innovation Science at Harvard University have published an overview of the most frequently used open source software. The overview identifies the most widely used open source software so that its security can be discussed and improved.
Open source software is developed and used in enormous quantities. Its decentralized development process makes it difficult to determine which programs are actually the most used, and this has implications for software security. This is what prompted the Census II overview, which lists the most widely used open source applications and libraries.
Out of more than half a million FOSS libraries used in production, the researchers identified the 500 most used npm libraries. The list is headed by the npm packages lodash, react and axios.
The top three non-npm libraries are Maven org.slf4j:slf4j-api, NuGet json.net and Maven com.fasterxml.jackson.core:jackson-databind.
The Linux Foundation and the Lab for Innovation Science suggest ways to improve the security and health of FOSS libraries. The leading suggestion is a standardized naming scheme for open source components, since package naming currently carries a number of complexities that make components hard to identify consistently.
In addition, the most widely used open source software is often developed by a small number of contributors, so the security of those contributors' development accounts is of increasing importance. Furthermore, legacy software tends to persist in the open source ecosystem rather than being retired.