Who does the work?
From the article I understand that the authors are proposing yet another vulnerability database that authors are supposed to pay attention to. So more work with no payoff. Seems like they don't understand open source development. Furthermore, it sounds like it's based heavily on static code analyses and could, therefore, simply be part of any CI if it isn't already. And it's yet another GitHub-based project, meaning it will miss a lot of quite important open source libraries and all the proprietary ones.
At least Google's OSS Fuzz actively tests for exploits.