Hey, we would be happy to take this on at Hydra (https://hydraoss.io/). We're an agency built for this kind of problem - finding people to fix things in open source. In contrast to a bug bounty program, we manage everything end to end, and the customer just pays us the invoice and doesn't have to deal with anything else. We specialize in Rust, but we've had customers from everywhere. Let us know!