This is really good news. I just hope that state institutions using OSS don't take it for granted and also start investing (contributing, auditing) into the software they are using. With increasing adoption, OSS also becomes an attractive attack vector for all kinds of malicious parties. Recent events (xz utils) have shown how this can happen.