scorecard
Contribution account age as a factor
Is your feature request related to a problem? Please describe.
Not a problem, pure enhancement request
Describe the solution you'd like
In assessing the security and trustworthiness of open-source libraries, two additional metrics should be considered: the diversity of contributors and the age of their GitHub accounts. This approach could offer early indicators of potential security risks, as seen in scenarios like CVE-2024-3094. While not foolproof—given the possibility of using older accounts for malicious purposes—these metrics serve as valuable signals. Specifically, libraries with contributions from newer accounts or from individuals with limited cross-project involvement could be flagged for closer scrutiny. Conversely, libraries benefiting from longstanding contributors with extensive cross-project activity should be deemed more reliable. This system recognizes the potential for false positives but aims to enhance overall security postures by identifying unusual contribution patterns indicative of risks.
Describe alternatives you've considered
I cannot think of an alternative, but hope to use this issue as a thread to conduct the conversation around this.
Additional context
Good visual for understanding the issue
Clear writeup
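A sketch of how the proposed signal could be computed over a repository's contributor list, added here as an example and not code from the Scorecard project or from the issue author; the Contributor fields, the two thresholds and the linear 0-10 mapping are assumptions:

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// Contributor is the per-author metadata the proposed check would consume
// (fields are assumptions for this example, not Scorecard's own types).
type Contributor struct {
	Login          string
	AccountCreated time.Time // GitHub account creation date
	OtherProjects  int       // distinct other repositories contributed to
	Commits        int       // commits to the assessed repository in the window
}

// Constructed thresholds; a real check would tune them.
const minAccountAge = 365 * 24 * time.Hour // accounts younger than this count as "new"
const minCrossProj = 2                     // fewer other projects counts as limited involvement

// flaggedShare returns the fraction of commits authored by contributors that are both
// new and lack cross-project history, plus the flagged logins in input order. It is a
// signal for closer review, not proof of malice: older accounts can be misused too.
func flaggedShare(cs []Contributor, now time.Time) (float64, []string) {
	total, flagged, logins := 0, 0, []string{}
	for _, c := range cs {
		total += c.Commits
		if now.Sub(c.AccountCreated) < minAccountAge && c.OtherProjects < minCrossProj {
			flagged += c.Commits
			logins = append(logins, c.Login)
		}
	}
	if total == 0 {
		return 0, logins // nothing committed in the window, nothing to flag
	}
	return float64(flagged) / float64(total), logins
}

// score maps the share onto Scorecard's 0-10 scale (linear mapping is an assumption).
func score(share float64) int { return int(math.Round((1 - share) * 10)) }
func main() {
	now := time.Date(2024, 4, 1, 0, 0, 0, 0, time.UTC)
	sample := []Contributor{ // constructed: carol is old but inactive elsewhere, so not flagged
		{"alice", now.AddDate(-8, 0, 0), 40, 120}, {"bob", now.AddDate(-5, 0, 0), 12, 60},
		{"carol", now.AddDate(-2, 0, 0), 0, 20}, {"newcomer", now.AddDate(0, -3, 0), 0, 20},
	}
	share, logins := flaggedShare(sample, now)
	fmt.Printf("flagged share %.3f, logins %v, score %d\n", share, logins, score(share))
}
```

Only a contributor that is both new and without other-project history lowers the score, so a newcomer who is active across several repositories, or a long-standing account with no outside activity, passes through unflagged.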