PREPRINT: Do OpenSSF Scorecard Practices Contribute to Fewer Vulnerabilities?. (arXiv:2210.14884v1 [cs.CR])

Due to the ever-increasing security breaches, practitioners are motivated to
produce more secure software. In the United States, the White House Office
released a memorandum on Executive Order (EO) 14028 that mandates organizations
provide self-attestation of the use of secure software development practices.
The OpenSSF Scorecard project allows practitioners to measure the use of
software security practices automatically. However, little research has been
done to determine whether the use of security practices improves package
security, particularly which security practices have …

contribute openssf practices scorecard vulnerabilities