The Open Source Security Foundation (OpenSSF), as its name plainly states, aims to help make open source software more secure, but improvements flowing from its efforts are hard to find. Computer scientists at North Carolina State University have put one of its tools to the test by evaluating software package registries npm and PyPI using OpenSSF Scorecards.
Read full article on The Register