Most developers choose an open source project based on a combination of how well the software suits the task at hand, whether the developers of the project are active, and whether the project has a good reputation. Yet with vulnerabilities in open source components being a key security problem for software teams, better metrics are needed to inform those choices, according to software tool makers.
Read full article on Dark Reading