Explore the challenges and opportunities in measuring open source software project health and sustainability in this conference talk from the CHAOSS project. Delve into the complexities of assessing project risk using CHAOSS metrics, focusing on five key areas: security, code quality, licensing, transparency, and sustainability. Learn about the CHAOSS mission, working groups, and key stakeholders involved in developing risk metrics. Examine the risk framework, including concepts like wargames, trusted devices, and software bill of materials. Gain insights into evaluating code quality, accurate identification, test coverage, and licensing issues. Discover how to assess project sustainability and understand various dimensions of risk in open source projects. Conclude with a discussion on additional risk concerns and an opportunity for questions.