Comment by TiredGuy

1 year ago

On that note, the article states that it donates more to higher-risk projects, and risk increases by OpenSSF score. One question I had about the article is: does that mean that projects with more security vulns get a higher donation? If so, then that might become a perverse incentive to leave security gaps in your code.