Description
As mentioned in the weekly gsoc meeting:
Right now, we don't know that much about our users except when they file issues, since cve-bin-tool has no telementry of any sort. I'm not super interested in building in regular telemetry because I'd rather err on the side of privacy, but we could consider doing an annual user survey to give people an optional chance to give us feedback and let us know what parts of the tool they use and where they'd like us to prioritize development.
So this thread is for discussion of what we'd want to know and why!
Some example questions to get things started
- What types of component analysis do you use in cve-bin-tool? (select all that apply)
- binary scanning
- scanning of language component lists
- sbom scanning
- other (?!)
- What types of output do you use?
- console
- sbom
- vex
- json
- html
- csv
- all of the above
- I didn't even know some of these existed
Not sure how we'd publicize a survey or any of the privacy and data retention details, but step 1 is figuring out what we want to know and why because the data we want to collect will likely impact everything else in the process.