OpenSSF is using this form to collect potential candidates for the "Top 100" most critical open source projects.
By "most critical", we mean those projects that, if a critical security vulnerability were found and exploited, could cause catastrophic damage (economic, societal, human life, safety, etc.). It will be used to direct and prioritize security assurance activity (via the OpenSSF Alpha project).
Feel free to consider open source libraries, packages, frameworks, stand-alone systems, or even structural/systemic parts of the open source ecosystem. If you're not sure whether you should include something, just include it and we can sort it out afterwards.
You *may* consider this question from the perspective of your organization/business, but you don't have to. All answers are collected anonymously (without attribution), but the results will be publicly available, so please do not include identifying information in your response.
Please don't consider the current security posture of the project when filling out this form.
For more information on Alpha, please see:
https://docs.google.com/document/d/1u7Ps18dzu9M-HF7ZHTK6VB5jLaVJvnw6uq3o7qw5yGE/edit?usp=sharing