This repository has been archived by the owner on Oct 16, 2019. It is now read-only.
TTS is not seeking to vet researchers for trust, skill, or quality prior to being included in any test. As outlined within RFQ Section 3.0, Requirements, TTS seeks a fully public bug bounty that allows for reports to be accepted from any eligible security researcher, where eligibility is defined as meeting the platform and vendor’s requirements to participate within the program. TTS is interested in the quality of the reports it receives, and in the features and service a bug bounty platform may offer that contribute to high report quality.
Question/Comment on TTS Bug Bounty RFQ
Name and affiliation
Brett Kozisek
Director
Synack Inc.
Section of RFQ documents
RFQ Section 2.0 - Background - https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#20-background
Third paragraph in this section states “The larger the community of security researchers in the Bug Bounty SaaS Platform provider’s network, the better the chance TTS has of finding bugs and technical issues within their web applications.”
Question/Comment
Specific to the network of security researchers, can the government confirm they are expecting quality over quantity?
Is there an expectation that allowed researchers have been properly vetted for trust and skill prior to being included in any test?