What metrics will the government use to define a well established Bug Bounty SaaS platform besides the size of the pool of researchers in the community that would use the platform?
TTS intends to make a qualitative determination about whether a vendor is well-established rather than relying primarily on metrics as outlined within RFQ Section 5.0 Evaluation Process.
Question/Comment on TTS Bug Bounty RFQ
Name and affiliation
Brett Kozisek Director Synack Inc.
Section of RFQ documents
RFQ Section 2.0 - Background - https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#20-background Third paragraph in this section there is a statement that states “a contractor provides a Bug Bounty SaaS platform that can achieve the goals of the TTS while providing the best value to the government must be one that is well-established.”
Question/Comment
What metrics will the government use to define a well established Bug Bounty SaaS platform besides the size of the pool of researchers in the community that would use the platform?