Solicitation and acquisition documents created for the TTS Bug Bounty program that can be reused by other government agencies and organizations.
Clone or download

README.md

TTS Bug Bounty

Background

As part of its programmatic focus on security, the Technology Transformation Services (TTS) had to purchase access to a pre-existing, commercially available Bug Bounty SaaS Platform that would allow it to manage the TTS Bug Bounty program. The purpose of this acquisition is to give TTS access to a large network of security researchers, people who have an interest in helping to find and address bugs and other technical issues within TTS-owned web applications.

What we're hoping to end up with

The purpose of this solicitation is for the contractor to deliver a Bug Bounty program which TTS will utilize for TTS-owned web applications. The contractor will provide access to their Bug Bounty SaaS Platform for researchers to report vulnerabilities (“Platform/Network Access”) and allow TTS to manage and track issues across multiple public web applications, triage services for those reported vulnerabilities, disburse rewards for effective vulnerabilities, and explain the reasons behind rejections (“Vulnerability Report Triage Services”).

Contributing

See CONTRIBUTING for additional information.

Public domain

This project is in the worldwide public domain. As stated in CONTRIBUTING:

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.