FOSSEPS Critical Open Source Software Study Report
The FOSSEPS Critical Software study was launched in November 2021 to identify (and suggest ways to fix) the critical software in use at European Public Services. The study team, led by Deloitte (supported by Inno3, a specialist open source company from Paris), received 21 responses from survey questionnaires sent to over 191 European public services. Separately, 13 open source sustainability and security experts were also interviewed. The authors write that the low response rate from public services "reflects the complexity of the subject, rather than a lack of effort or enthusiasm". "It emerged that public services do not have adequate technology tools to establish open source software dependencies."
The researchers compiled a list of 30 critical open source software projects. Examples include Curl, software for interacting with web content, M2crypto, a Python wrapper for OpenSSL, and Libxml2, a library for parsing XML documents. Development of these projects involves about a handful of developers or fewer. These projects have a low "bus factor": there is a high risk that information and capabilities are not shared among team members in case "they get hit by a bus".