Use OpenSSF instead of Security in name and add FAQ entry

Also rebased.

Signed-off-by: Arnaud J Le Hors <[email protected]>

Author: lehors

CONTRIBUTING.md

@@ -1,6 +1,6 @@
-# Contributing to Security Scorecard
+# Contributing to OpenSSF Scorecard
 
-Thank you for contributing your time and expertise to the Security Scorecard
+Thank you for contributing your time and expertise to the OpenSSF Scorecard
 project. This document describes the contribution guidelines for the project.
 
 **Note:** Before you start contributing, you must read and abide by our

README.md

@@ -1,4 +1,4 @@
-# Security Scorecard
+# OpenSSF Scorecard
 
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/ossf/scorecard/badge)](https://api.securityscorecards.dev/projects/github.com/ossf/scorecard)
 [![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/5621/badge)](https://bestpractices.coreinfrastructure.org/projects/5621)

cmd/root.go

@@ -36,10 +36,10 @@ import (
 )
 
 const (
-	scorecardLong = "A program that shows security scorecard for an open source software."
+	scorecardLong = "A program that shows the OpenSSF scorecard for an open source software."
 	scorecardUse  = `./scorecard (--repo=<repo> | --local=<folder> | --{npm,pypi,rubygems}=<package_name>)
 	 [--checks=check1,...] [--show-details]`
-	scorecardShort = "Security Scorecard"
+	scorecardShort = "OpenSSF Scorecard"
 )
 
 // New creates a new instance of the scorecard command.

docs/faq.md

@@ -5,6 +5,7 @@ This page answers frequently asked questions about Scorecard, including its purp
 ## Installation / Usage
   - [Can I preview my project's score?](#can-i-preview-my-projects-score)
   - [What is the difference between Scorecard and other Code Scanning tools?](#what-is-the-difference-between-scorecard-and-other-code-scanning-tools)
+  - [Wasn't this project called "Scorecards" (plural)?](#wasnt-this-project-called-scorecards-plural)
 
 ## Check-Specific Questions
   - [Binary-Artifacts: Can I allowlist testing artifacts?](#binary-artifacts-can-i-allowlist-testing-artifacts)
@@ -34,6 +35,10 @@ You can also use the CLI to generate scores for any public repository by followi
 
 Most code scanning tools are focused on detecting specific vulnerabilities already existing in your codebase. Scorecard, however, is focused on improving the project's overall security posture by helping it adopt best practices. The best solution for your project may well be to adopt Scorecard along with other tools!
 
+### Wasn't this project called "Scorecards" (plural)?
+
+Yes, kind of. The project was initially called "Security Scorecards" but that form wasn't used consistently. In particular, the repo was named "scorecard" and so was the program. Over time people started referring to either form (singular and plural) and the inconsitency became prevalent. To end this situation the decision was made to consolidate over the use of the singular form in keeping with the repo and program name, drop the "Security" part and use "OpenSSF" instead to ensure uniqueness. One should therefore refer to this project as "OpenSSF Scorecard" or "Scorecard" for short.
+
 ## Check-specific Questions
 
 ### Binary-Artifacts: Can I allowlist testing artifacts?