Open Source Summit North America 2022

CHAOSS Project newcomers are increasingly interested in understanding the effects of dependencies on the vulnerability of repositories that constitute an open-source project. At the same time, the relationship between responsiveness to issues, pull requests, and bug fixing is becoming widely accepted as more significant for understanding community health than commit and other measures of project activity. This birds of a feather session is for people who are managing the high wire act between welcoming newcomers and ensuring the timely mitigation of identified vulnerabilities. A new Metrics Model, "Community Welcomingness" is complemented by the CHAOSS "Community Dependency and Vulnerability" metrics model to make these two nuanced, and critical perspectives on open-source health and sustainability at the project level more visible for community managers. What other critical indicators are required for building community in an open-source world where understanding software dependencies, dependency age, and the likelihood of vulnerabilities signaled by those metrics is essential? Talk with folks with such feathers in their briefcases here!