Qubes code audit

One possibility would be to write an “Introduction to code auditing” which gives full examples of going in and investigating pieces of Qubes code (including things like where to download the Qubes source from), and with a little bit of context so they understand what exactly they are auditing. Possibly even write it as a Wikiversity book.

This could get more people into the audit group, even if at a basic level. And once they learn more, they might add that to the book.

We may also want to think through how people should report “hey, I found this… is it a problem?” to other auditors before flagging it as an actual problem. (I.e., in short, it may be necessary to thin down the false alarms before they get passed to the Qubes team.)

One option for reporting would be to have people report it on GitHub so that the report can point to the exact line of code in the exact version of the exact package. Another option would be something more customized where people could report which chunks they have audited, and whether they found something or not. Then you could compute summary statistics like “how many of the files that I said were fine were later discovered by someone else to have contained a problem?” This would be actual feedback for people who are now learning code auditing.

Just some ideas.

2 Likes