18F / tts-buy-bug-bounty

Solicitation and acquisition documents created for the TTS Bug Bounty program that can be reused by other government agencies and organizations.

Background #21

Open BKozisek7 opened 5 years ago

BKozisek7 commented 5 years ago

Question/Comment on TTS Bug Bounty RFQ

Name and affiliation

Brett Kozisek Director Synack Inc.

Section of RFQ documents

RFQ Section 2.0 - Background - https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#20-background

In the third paragraph of this section, there is a statement that states “a contractor provides a Bug Bounty SaaS platform that can achieve the goals of the TTS while providing the best value to the government must be one that is well-established.”

Question/Comment

What metrics will the government use to define a well-established Bug Bounty SaaS platform besides the size of the pool of researchers in the community that would use the platform?

MichelleMcNellis commented 5 years ago

TTS intends to make a qualitative determination about whether a vendor is well-established rather than relying primarily on metrics as outlined within RFQ Section 5.0 Evaluation Process.