This project was initially called “Security Scorecards” but that form wasn’t used consistently. In particular, the repo was named “scorecard” and so was the program. Over time people started referring to either form (singular and plural), with or without “Security”, and the inconsitency became prevalent. To end this situation the decision was made to consolidate over the use of the singular form in keeping with the repo and program name, drop the “Security” part and use “OpenSSF” instead to ensure uniqueness. One should therefore refer to this project as “OpenSSF Scorecard” or “Scorecard” for short.
OpenSSF Scorecard is being developed and facilitated by contributors from across the OSS ecosystem.
We’re part of the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together OSS security initiatives under one foundation and seeks to improve the security of OSS by building a broader community, targeted initiatives, and best practises.
OpenSSF launched Scorecard in November 2020 with the intention of auto-generating a “security score” for open source projects to help users as they decide the trust, risk, and security posture for their use case.
Scorecard is part of the OpenSSF Best Practices Working Group.
If you want to get involved in the OpenSSF Scorecard community or have ideas you’d like to chat about, we’d love to connect.