Skip to content

C002 — H3:

Contents

Statement: The claim is directionally correct — critical OSS projects do score poorly on Scorecard — but the specific numbers are imprecise. The actual population may be a different size, the average may be close to but not exactly 5.4, or the scoring methodology may be more nuanced than a simple 0-10 average.

Supporting Evidence Would Show

  • OpenSSF data showing Scorecard scores that are generally moderate (4-6 range) for critical projects
  • Evidence that the one-million figure is an approximation of the actual population
  • Academic analyses showing that the Scorecard aggregate score involves weighting that makes a simple 'average' misleading

Eliminating Evidence Would Show

  • Evidence that critical projects actually score very well (above 7) on average
  • Evidence that the claim's numbers are exact matches to published data

← Back to item overview