The latest conversation with HackerOne brought up a site that we had put into the Private program and whether or not we wanted to move it to the public program. Since we did so originally because it was a Federalist site, it made me realize that I'm not sure how exactly we want to handle the future of that site or any future/like sites.
Goals
[ ] Know how to handle the current Federalist site listed in the Bug Bounty Private Program
[ ] Better understand the relationship of Bug Bounty & Federalist program
[ ] Create issue for any steps that need to be taken if there is something that needs to be solved above and beyond the current Federalist site
Implementation Steps (no particular order)
[ ] Federalist policy has been reviewed
[ ] List of Federalist sites has been acquired
[ ] Gap analysis of Federalist sites and sites listed on HackerOne
[ ] Set up conversation with Federalist AO to talk about the Federalist relationship and Bug Bounty program
[ ] Review Federalist? checklist
[ ] Make recommendations to change/update Federalist procedures for getting into the Bug Bounty (if necessary)
Acceptance criteria
[ ] TTS sites created using Federalist sites are listed within scope for the TTS Bug Bounty
The assignee can add some checkboxes as a "sketch" of the steps to complete, which may evolve.