At the time of writing Hats, multisig members are set as the governance.
Once enough tokens will be in the hands of the community (approximately 90 days after the liquidity mining starts) we will activate the governance either by using snapshot, Tally or similar on-chain/off-chain voting -Governance mechanisms are still being considered and we will be happy to get your input.
This grace period provides the Hats community enough time to familiarize itself with the governance system, and to begin discussions and communications around potential governance proposals. A community-managed treasury presents a world of endless possibilities. We hope to see a diversity of experimentation, including ecosystem grants and public goods funding, both of which can encourage additional Hats ecosystem growth.
As part of the reward to the Hacker \ Auditor for successfully disclosing the vulnerability, with the approve function, the Hat's governance will receive a portion of each vulnerability that is disclosed for any project as an additional HAT token reward.