Skip to content

C002 — H3:

Contents

Statement: The 5.4 average is approximately correct for one point in time, but the number of projects tracked is significantly less than one million, or the specific statistic (e.g., 'critical' projects vs. all projects) has been conflated or misremembered by the researcher.

Supporting Evidence Would Show

  • OpenSSF Criticality Score data showing the tracked set is in the hundreds of thousands, not one million.
  • Evidence that the 5.4 figure applies to a specific subset (e.g., the top 200K critical projects) rather than one million.
  • Different averages reported for different project populations.

Eliminating Evidence Would Show

  • OpenSSF documentation confirming exactly one million projects are tracked with a 5.4 average.
  • Evidence that no population of projects has been reported with a ~5.4 average score.

← Back to item overview