This smells like a quick attempt to enable phishing for vulnerabilities, and not a legit way to make progress. The comment is from a person that runs a security startup and the site is a google site that people can report to google as a scam. (Edit: downvote as you like it— perhaps my language was too harsh to help make the point clear. It is interesting how easy non-sec people fall for names and quotes and authority.. building trust does not come overnight, in fact it is never fully there, and infosec experts would not fall for such supply chain redirections with questionable future. Hopefully we will not have to test this idea soon, though some level of reliability and long-term automation would be welcome. We need technical, generally agreed upon systems, not a “foundation”).