TL;DR: security vulnerabilities introduced by new Rust contributors are far fewer than those introduced by new C++ contributors. The study uses the number of commits as its measure of experience. It confirms the claim of the
Namely, while it may still be true that Rust may feel like a more difficult language to learn, in at least some ways, new contributors benefit from its adoption, with their first contributions being less than 2% as likely to introduce vulnerabilities as C++, and first-time contributors appearing at a notably higher rate in the projects examined.
The results should not be used as is, as there are some caveats:
- Does Rust increase the number of contributors, or does Rust act as its own filter and reduce the rate of new contributors entirely? It is possible that Rust developers are more experienced with programming in general. Note that the study focused on new contributors, not new maintainers.
- At around 18,000 commits, a C++ developer will be less likely to introduce a vulnerability than an equivalently experienced Rust developer.
- Finally, there is some limitation to these results in that they all come from Oxidation projects.