Cool to see a company whose annual revenue is $250B announce a $1.25M open source security fund (that’s about three *minutes* of revenue), in a press release that without blinking or apparent irony (1) says maintainers need more time and (2) requires maintainers to take a multi-week, many-hour training program.
https://github.blog/news-insights/company-news/announcing-github-secure-open-source-fund/