User Research across multiple programming language ecosystems on behalf of the OpenSSF

Hello Sustainers! :waving_hand:

We at Superbloom are running a survey of users across multiple programming language ecosystems on behalf of the OpenSSF and are looking for individuals to participate in a 45-60 minute remote user research session to explore and learn about your understanding of the security, safety and integrity of software artifacts in their open source software supply chains (or the term ‘software attestations’) and how you understand and gather information on the security and ‘authenticity’ of a software artifact or collection of software artifacts. You can be doing this for either your work/job or in a contributor/voluntary capacity.

We’re interested in learning from people that are familiar with this term and process and also people that are not familiar and unsure of this term. Both experts and beginners offer valuable insights on how to make software better.

The research goal is to better understand the security, safety and integrity of software artifacts in their open source software supply chains, in order to apply these learnings to visual and user interface style guidance to help standardise software attestations across multiple open source artifacts/dependencies/libraries.

Our research takes a casual conversation format and we can send questions ahead of time for those that need accessibility/disability support. As a gesture of appreciation for your time, we’re paying $25 USD/per hour via Tremendous.com (or a local equivalent). To apply, kindly fill out our private, self-hosted form beforehand. Check out our privacy policy and please note that we do not keep data on individuals past a project’s completion.

Please respond to this survey by July 4th. This is when we’ll close it for applicants. If you have questions for us before you fill out the survey or you find an error in the survey, you can send a secure email via PGP to eriol@superbloom.design or to Superbloom’s Signal username: superbloom.03

Please feel free to forward this survey and messaging to anyone outside of this specific communication that you think would add benefit to this research.

You can check out our privacy policies here: Legal – Superbloom

To be transparent and open, you can track this project’s work on our GitHub repository here: GitHub · Where software is built

Thank you for your time - we look forward to hearing from you!