RFQ Section 3 - Requirements. https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#30-requirements
It states “The contractor will provide a Software-as-a-Service platform, with a publicly-available website, for researchers to report security vulnerabilities on publicly available government websites in a manner consistent with the TTS vulnerability disclosure policy.”
Question/Comment
Does the vendor have to disclose the following information based on the 2017 Solicitation under the technical_file.yaml under Service_Platform_Metrics::
The number of security researchers on the SaaS platform?
The number of companies using the platform for bug bounty?
Average times for triage an initial vulnerability report?
Average times for responses of researcher questions and follow ups?
Question/Comment on TTS Bug Bounty RFQ
Name and affiliation
Brett Kozisek Director Synack
Section of RFQ documents
RFQ Section 3 - Requirements. https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#30-requirements
It states “The contractor will provide a Software-as-a-Service platform, with a publicly-available website, for researchers to report security vulnerabilities on publicly available government websites in a manner consistent with the TTS vulnerability disclosure policy.”
Question/Comment
Does the vendor have to disclose the following information based on the 2017 Solicitation under the technical_file.yaml under Service_Platform_Metrics::