18F / tts-buy-bug-bounty

Solicitation and acquisition documents created for the TTS Bug Bounty program that can be reused by other government agencies and organizations.

Requirement Metrics #24

Open BKozisek7 opened 5 years ago

BKozisek7 commented 5 years ago

Question/Comment on TTS Bug Bounty RFQ

Name and affiliation

Brett Kozisek, Director, Synack

Section of RFQ documents

RFQ Section 3 - Requirements. https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#30-requirements
It states “The contractor will provide a Software-as-a-Service platform, with a publicly-available website, for researchers to report security vulnerabilities on publicly available government websites in a manner consistent with the TTS vulnerability disclosure policy.”

Question/Comment

Does the vendor have to disclose the following information based on the 2017 Solicitation under the technical_file.yaml under Service_Platform_Metrics::

MichelleMcNellis commented 5 years ago

The 2017 solicitation does not apply to this requirement. The government is seeking quotations based on the requirements within the 2018 solicitation.