I will agree that one needs to be exceedingly careful, but that is what contracts are for. I personally know little of GitHub, but security-wise it seems to be quite strict. Contractually say the updates are to be posted daily to GitHub after any time on the project. Multiple payments based on progress and final percentage based on acceptance testing of a revised design. Don’t know if project management goal posts are applicable, but if a submitted quote includes one there are the payment milestones.
There’s nothing saying multiple contractors be simultaneously engaged, but I would be open with that fact.
Cheers,
Dave F.