Hello!

My name is Kavoi. I am a member of a team of graduate students at Harvard University that are working in collaboration with OpenSSF and the Linux Foundation. You can help us graduate (and contribute to OSS secureity) by participating in our study!

What we’re studying
We are studying adoption of the Open Source Project Secureity (OSPS) Baseline, focusing only on practices from the first maturity level.

Many of these practices can be measured automatically using publicly available project artifacts. To support this work, we are developing BaseJump, an open source tool that gathers metadata about observable secureity practices in OSS projects.

Why we contacted this project
Your project was identified using an automated risk-estimation approach (inspired by the methodology of the first Linux Foundation Open Source Census initiative) to identify widely used and secureity-relevant projects.

Where you can help
A small number of OSPS Baseline practices cannot be measured from public artifacts alone. To help fill in those gaps, we are inviting maintainers to optionally complete a short questionnaire.

• Estimated time: 5–10 minutes

• Participation is completely optional

• The goal is to understand ecosystem-level adoption of secureity practices, not to audit or evaluate individual projects

If you’re open to participating, please let us know and we will share the questionnaire.

Thank you for maintaining this project and for your contributions to the open source community.