The Use of AI to Enhance Evaluation Model for Open-Source Software Adoption with a Focus on Cybersecurity Risks

Abstract

Modern digital ecosystems are driven by open-source software (OSS), which organizations of all sizes adopt as a scalable, innovative, and cost-efficient option. Nevertheless, OSS adoption carries inherent cybersecurity risks: vulnerabilities in dependencies, inconsistent maintenance, and the possibility of failing to meet legal compliance requirements. This paper therefore proposes an AI-enhanced risk evaluation model that combines quantitative tools such as Snyk Advisor and OpenSSF Scorecard with qualitative factors such as Software Development Life Cycle (SDLC) adherence, data sensitivity, and organizational fit. The model is intended to help large organizations, government entities, and nonprofits assess and reduce the risks of OSS adoption. The study demonstrates, through a worked example on a Microsoft OSS project, SignalR, how the model can be used in practice to quantify risk and devise secure adoption strategies. The results underline the importance of combining automated metrics with contextual adjustments to maintain adequate cybersecurity and operational alignment in OSS deployments.
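To make the abstract's idea concrete, the following is an added illustration (not the paper's model or its formulas) of how automated metrics and contextual adjustments can be combined: it reads a constructed excerpt in the shape of OpenSSF Scorecard's JSON output, derives a weighted base risk, then adjusts it for data sensitivity, SDLC adherence and organizational fit. The check weights, sensitivity factors and adjustment formula are hypothetical choices made for this example, and Snyk Advisor input is not modelled.

```python
"""Hypothetical OSS adoption risk scorer (example only, not the paper's model)."""
import json

# Constructed sample in the shape of Scorecard JSON (check scores 0-10, -1 = inconclusive).
SAMPLE_SCORECARD = json.dumps({
    "repo": {"name": "github.com/example/project"},   # placeholder repository
    "score": 6.1,
    "checks": [
        {"name": "Maintained", "score": 10},
        {"name": "Vulnerabilities", "score": 6},
        {"name": "Dependency-Update-Tool", "score": 0},
        {"name": "Pinned-Dependencies", "score": -1},
        {"name": "Security-Policy", "score": 10},
    ],
})

# Hypothetical weights: security-critical checks count more than hygiene checks.
CHECK_WEIGHTS = {"Vulnerabilities": 3.0, "Maintained": 2.0,
                 "Dependency-Update-Tool": 1.5, "Pinned-Dependencies": 1.0,
                 "Security-Policy": 1.0}

# Hypothetical multipliers: more sensitive data raises the risk of the same component.
SENSITIVITY_FACTOR = {"public": 0.8, "internal": 1.0, "confidential": 1.3, "regulated": 1.6}


def weighted_risk(scorecard_json: str) -> float:
    """Weighted 0-10 risk from Scorecard checks (10 = worst); inconclusive checks are skipped."""
    data = json.loads(scorecard_json)
    total, weight_sum = 0.0, 0.0
    for check in data["checks"]:
        if check["score"] < 0:            # -1 means Scorecard could not evaluate the check
            continue
        weight = CHECK_WEIGHTS.get(check["name"], 1.0)
        total += weight * (10 - check["score"])   # invert: high check score = low risk
        weight_sum += weight
    return round(total / weight_sum, 2) if weight_sum else 10.0   # no evidence = max risk


def adjusted_risk(base: float, data_sensitivity: str,
                  sdlc_adherence: float, org_fit: float) -> float:
    """Contextual adjustment: sdlc_adherence and org_fit are analyst ratings in [0, 1]."""
    mitigation = 1.0 - 0.25 * sdlc_adherence - 0.15 * org_fit   # strong process lowers risk
    return round(min(10.0, base * SENSITIVITY_FACTOR[data_sensitivity] * mitigation), 2)


def tier(risk: float) -> str:
    """Map the adjusted score to an adoption decision band (thresholds are illustrative)."""
    if risk < 3:
        return "adopt"
    if risk < 6:
        return "adopt with controls"
    return "escalate / reject"
```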