1st step is analyzing for history of code quality using static analysis tool. Has a serious bug been fixed with the minor version up? When major version up is made, how many new serious bugs increase this OSS?
This analysis cannot be based on the number of bug fix. It need to use a static analysis tool to analyze the unfixed bugs.
...