the same as your browser trust some https domain. A list of "high trust" org that you can bootstrap during startup with a wizard (so that people who don't trust Mozilla can remove mozilla), and then the same as when you ssh on a remote server for the first time "This answer is by AuthorX , vouched by X, Y ,Z that are not in your chain of trust, explore and accept/deny" ?

Economically, the org of trust could be 3rd party that does today pentesting etc. it could be part of their offering. I'm a company I pay them to audit answers in my domain of interest. And then the community benefits from this ?