Fellow infosec folks:
If I wanted to incentivize people to try and exploit Hubris, what should I do? What would you want to see?
While open source, the system is mostly used by Oxide, a for-profit company, so I would expect "am I doing this for free" to come up. Explicit threat model is also good. What else?
We've hired firms for this but with mixed results (they mostly know C). I wanna open it to everyone else. I would be _delighted_ to give guidance.
Boost away.