The ease of adopting open source software means that organizations sometimes use it without giving much thought to whether the projects that produce it are likely to be viable over the long term. What happens when a project changes its license, stops making security updates, or has other issues that impact its usage? When an open source project that later becomes unviable has already been incorporated into your products or services, this can have implications for your users, customers, and reputation. It’s worth spending time to critically assess whether a project is likely to be successful and continue to meet your needs over the long term. Open source project decisions have strategic implications that should be proactively evaluated to identify risks that can be mitigated. Ultimately, whether to use an open source project boils down to balancing the risk vs. the reward for your use case. This talk will compare the risks and rewards associated with projects under neutral foundations vs. those controlled by companies and look at how the people leading and contributing to the project can influence risk. The presentation will contain details about how to assess project policies, governance, security practices, adoption, and community dynamics that can impact the stability and overall success of a project. Throughout the presentation, there will be discussions about techniques for measurement and which collections of metrics might be appropriate for your evaluations. The audience will walk away with practical advice about how to strategically evaluate the viability of open source projects and assess the risks and rewards for their situation. The presentation also provides insight into how other people might evaluate the sustainability of your organization’s projects.