Allocate $x every month from the budget payouts to a "hack the anon tech" bounty.
Awards are paid out to anyone who produces verified evidence.
When fixed, start the bounty again.
If hacks take 12 months, each year the bounty could build to values that would attract the best code breakers. It should become harder to break things after fixes.
You want to build up a $1m, or even $10m, bounty over time to make a statement about security.