With the explosion in open source adoption, many companies now build the cornerstone of their infrastructure on open source software (OSS). When you buy commercial software, you can expect the vendor to be responsible for the product: patches, support, and a contact to call when something breaks.
That is no longer the case once you go the OSS route. You will depend on components built by different entities, individuals, or communities, none of whom owe you support or a fix on any timeline. The recent Log4j security issue showed this clearly: companies demanded support from the project maintainers as if they had a contract with them, when in fact they had none.
Companies that depend on OSS need to put several things in place for production to run smoothly. Here is how to start.
You need to complete a full audit before you commit to using an OSS project. How many contributors does the project have? Are they individuals or organizations? For most maintainers, continued involvement is never guaranteed, so a project carried by a single person is a risk you are taking on.
Working with vendors who commercially back the projects you rely on is one way to contribute directly to the open source space: it funds maintenance and makes it less likely that the OSS tools you are using go anywhere.
You also have to look at the project's velocity. How many open feature requests and issues are there? How quickly does the community address them, and how quickly are reported security issues fixed and released? The goal is to confirm that the project is being maintained and is still evolving, not merely that it exists.
Finally, you need to audit the code itself. Is it documented? Does it cover the use cases you need? Picking the wrong project can be costly: many growing startups have had to spend considerable effort decommissioning and replacing projects they could no longer keep up with.
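As an added example, and not code from the original article, the following Python script turns the contributor and velocity questions above into measurable checks: the bus factor of recent commits, days since the last commit, median time to close an issue, and the share of open issues that have gone stale. The sample commits and issues are constructed for this example (they only mimic the field shapes of GitHub's API responses), and the thresholds in assess() are assumptions to tune to your own risk appetite.

```python
"""Score an OSS dependency's maintenance health from commit and issue metadata.

The SAMPLE_* data below is constructed for illustration; replace it with real
API output (e.g. the author login, commit date, and issue state/created_at/
closed_at fields of GitHub's REST responses) to assess a real project.
"""
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: (author login, ISO-8601 commit timestamp).
SAMPLE_COMMITS = [
    {"author": "alice", "date": "2024-05-20T12:00:00Z"},
    {"author": "alice", "date": "2024-05-10T12:00:00Z"},
    {"author": "bob",   "date": "2024-05-02T12:00:00Z"},
    {"author": "alice", "date": "2024-04-28T12:00:00Z"},
    {"author": "alice", "date": "2024-04-15T12:00:00Z"},
    {"author": "alice", "date": "2024-03-30T12:00:00Z"},
    {"author": "alice", "date": "2024-03-12T12:00:00Z"},
    {"author": "bob",   "date": "2024-02-20T12:00:00Z"},
    {"author": "carol", "date": "2024-01-10T12:00:00Z"},
    {"author": "dave",  "date": "2023-12-05T12:00:00Z"},
]

# Constructed sample: issue tracker entries with open/closed state.
SAMPLE_ISSUES = [
    {"state": "closed", "created_at": "2024-01-01T12:00:00Z", "closed_at": "2024-01-11T12:00:00Z"},
    {"state": "closed", "created_at": "2024-02-01T12:00:00Z", "closed_at": "2024-02-05T12:00:00Z"},
    {"state": "closed", "created_at": "2024-03-01T12:00:00Z", "closed_at": "2024-03-31T12:00:00Z"},
    {"state": "open",   "created_at": "2023-10-01T12:00:00Z", "closed_at": None},
    {"state": "open",   "created_at": "2024-05-15T12:00:00Z", "closed_at": None},
    {"state": "open",   "created_at": "2023-11-15T12:00:00Z", "closed_at": None},
]

# Assumed "current time" so the example is reproducible offline.
NOW = datetime(2024, 6, 1, 12, 0, 0, tzinfo=timezone.utc)


def parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp with a trailing 'Z' into an aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def bus_factor(commits, threshold: float = 0.5) -> int:
    """Smallest number of authors whose commits together cover `threshold` of all commits.

    A bus factor of 1 means one person wrote at least half the recent history.
    """
    counts = Counter(c["author"] for c in commits)
    total = sum(counts.values())
    covered = 0
    for n, (_, k) in enumerate(counts.most_common(), start=1):
        covered += k
        if covered / total >= threshold:
            return n
    return len(counts)


def days_since_last_commit(commits, now: datetime) -> int:
    """Whole days between the newest commit and `now`."""
    latest = max(parse_ts(c["date"]) for c in commits)
    return (now - latest).days


def median_close_days(issues):
    """Median days from issue creation to closure, or None if nothing was closed."""
    durations = sorted(
        (parse_ts(i["closed_at"]) - parse_ts(i["created_at"])).days
        for i in issues if i["closed_at"]
    )
    if not durations:
        return None
    mid = len(durations) // 2
    if len(durations) % 2:
        return durations[mid]
    return (durations[mid - 1] + durations[mid]) / 2


def stale_open_issues(issues, now: datetime, older_than_days: int = 180) -> int:
    """Count open issues that have been sitting longer than `older_than_days`."""
    return sum(
        1 for i in issues
        if i["state"] == "open" and (now - parse_ts(i["created_at"])).days > older_than_days
    )


def assess(commits, issues, now: datetime) -> dict:
    """Compute the metrics and raise flags; thresholds are assumptions, not standards."""
    open_count = sum(1 for i in issues if i["state"] == "open")
    report = {
        "bus_factor_50": bus_factor(commits, 0.5),
        "bus_factor_80": bus_factor(commits, 0.8),
        "days_since_last_commit": days_since_last_commit(commits, now),
        "open_issues": open_count,
        "stale_open_issues": stale_open_issues(issues, now),
        "median_close_days": median_close_days(issues),
        "flags": [],
    }
    if report["bus_factor_50"] <= 1:
        report["flags"].append("low-bus-factor")      # one person carries the project
    if report["days_since_last_commit"] > 90:
        report["flags"].append("inactive")            # no commits in the last quarter
    if open_count and report["stale_open_issues"] / open_count >= 0.5:
        report["flags"].append("stale-backlog")       # half the open issues are ignored
    return report


if __name__ == "__main__":
    for key, value in assess(SAMPLE_COMMITS, SAMPLE_ISSUES, NOW).items():
        print(f"{key}: {value}")
```

On the constructed sample the script flags a low bus factor (alice authored 60% of recent commits) and a stale backlog (two of three open issues are older than six months), while commit activity itself looks healthy. That is exactly the combination the audit above is meant to surface: a project that still moves, but only as long as one person keeps moving it.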