Analyzed
3 minutes
ago.
based on code collected
3 minutes
ago.
Project Summary
The jose.4.j library is an Apache 2 licensed open source implementation of JWS, JWE, JWA and JWK from the IETF JOSE Working Group. It is written in Java and relies solely on the JCA APIs for cryptography.
In a Nutshell, jose4j...
- ...
- ...
-
...
has a well established, mature codebase
maintained by a small development team
with increasing Y-O-Y commits -
...
took an estimated 8 years of effort (COCOMO model)
starting with its first commit in October, 2012
ending with its most recent commit 10 months ago
Quick Reference
https://bitbucket.org/b_c/jose4j
Project Security
Vulnerabilities per Version ( last 10 releases )
Project Vulnerability Report
Security Confidence Index
Poor security track-record
Favorable security track-record
Vulnerability Exposure Index
Many reported vulnerabilities
Few reported vulnerabilities
Did You Know...
-
...
in 2016, 47% of companies did not have formal process in place to track OS code
-
...
anyone with an Open Hub account can update a project's tags
-
...
nearly 1 in 3 companies have no process for identifying, tracking, or remediating known open source vulnerabilities
-
...
you can subscribe to e-mail newsletters to receive update from the Open Hub blog
30 Day SummaryFeb 6 2026 — Mar 8 2026
|
12 Month SummaryMar 8 2025 — Mar 8 2026
|
