18F / tts-buy-bug-bounty

Solicitation and acquisition documents created for the TTS Bug Bounty program that can be reused by other government agencies and organizations.

Requirements Pricing #25

Open BKozisek7 opened 5 years ago

BKozisek7 commented 5 years ago

Question/Comment on TTS Bug Bounty RFQ

Name and affiliation

Brett Kozisek, Director, Synack Inc.

Section of RFQ documents

RFQ Section 3.0 - Requirements

https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#30-requirements

Within Bug Bounty pool management, under sub-bullet three, it states “Once classified and deemed within the scope of the vulnerabilities, the vendor will manage payout to the reporter based on the agreed up bounty reward tiers by the contractor and TTS”.

Question/Comment

Can the vendor/contractor manage the payout directly without TTS when a Firm Fixed Price Model is used?

MichelleMcNellis commented 5 years ago

Yes, for undisputed payouts, the vendor can manage the payouts directly under our selected contract type.