The FreeBSD Security Team works with other software distributors to make sure that they have advisories and patches ready when bugs are first disclosed publicly.
In my years as FreeBSD Security Officer, we in very rare cases gave advance notice of vulnerabilities to end users, and those decisions were made on the basis of "we happen to know that these people are using the software in a way which makes them particularly vulnerable". (In most or all such cases we didn't even provide a patch, just a warning of "make sure you have people around at 10AM tomorrow in case you need to release an update quickly".)
Nobody ever got advance notice by virtue of having donated money, and I reminded Security Team members that they should not give any advance disclosure to their employers.
In my years as FreeBSD Security Officer, we in very rare cases gave advance notice of vulnerabilities to end users, and those decisions were made on the basis of "we happen to know that these people are using the software in a way which makes them particularly vulnerable". (In most or all such cases we didn't even provide a patch, just a warning of "make sure you have people around at 10AM tomorrow in case you need to release an update quickly".)
Nobody ever got advance notice by virtue of having donated money, and I reminded Security Team members that they should not give any advance disclosure to their employers.