Open BKozisek7 opened 6 years ago
As outlined within RFQ Section 3.0 Requirements, the vendor must make the program visible to its community of researchers, and be able to promote its presence on the platform to those researchers. The vendor must support features that allow the government to promote the program by sharing information about payouts and specific vulnerability reports. The vendor is not required to publicly disclose all vulnerability reports, or to disclose all aspects of tracking, workflow, and payouts on the platform.
Question/Comment on TTS Bug Bounty RFQ
Name and affiliation
Brett Kozisek, Director, Synack Inc.
Section of RFQ documents
RFQ Section 2.0 - Background - https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#20-background
The fifth paragraph in this section states “Program management services include services related to promotion of the program, tracking and workflow, and payouts”.
Question/Comment
Does the vendor have to specifically publicly disclose tracking, workflow and payout?