The OpenSSF is supposedly an important organization of experts, but I only know two things about them: the scorecard that has been unhelpful for Flask for years, and the terrible post about xz. Here's what overworked maintainers actually need from a group of security experts: direct long term contribution, to teach and improve a project's security. Don't just show us a big list of extra work, directly contribute to help us fulfill the list. #OpenSource#OpenSSF
