Comments (1)
Clarification: Obviously it's possible for software to have all 3 of direct network exposure, process network data, and privilege escalation. However, the idea was that in the risk score, only one of them (the worst) was used. To implement this, data was created so that only one (the worst) was set to 1, and the rest were 0... so the data values were mutually exclusive. In retrospect, this wasn't the best choice; this turns out to be confusing and doesn't capture the real situation as accurately as we'd like. So instead, let's force the calculation to only use the "worst" value, and that way, data entry doesn't have to enforce a mutual-exclusive rule. In the long run it might be best to go back and update the data so that it no longer requires mutual exclusivity, and then we might refine the metric further... but this will keep the intent of the current rule and avoid confusion.
from census.
Related Issues (20)
- Future: Consider adding ABRT crash data
- Future: Consider adding risk if many "downstream-only" patches
- Future: Consider adding bug report processing information
- Future: Consider adding static analysis for vulnerabilities (e.g., hit density)
- Consider reporting each part of the risk index's value in the result
- Add points if listed in debian-security-support
- separate risk index computation into configuration
- Look at Jesus M. Gonzalez-Barahona (Bitergia) information, e.g., Polarsys Maturity Model, GrimoireLab
- Example language-level package managers
- Deleted project causes error
- the url: github.com/linuxfoundation is owned by my friend. A thief from your organization stole my friend's github account, do you know this?
- Record/report trends
- Allow interactive adjustment of weights by users using web browser
- Examine other potential ways to get data about OSS projects
- Consider New York City (NYC) 2016 brainstorming ideas
- Add Android/Ubuntu/CentOS info (including popularity)
- Question about oss_package_analysis
- Review "What's in a poke?"
- Review "Influence analysis of Github repositories"