This repository has been archived by the owner on Oct 16, 2019. It is now read-only.

Requirement Metrics #24

Open
BKozisek7 opened this issue Jul 30, 2018 · 1 comment

@BKozisek7

Question/Comment on TTS Bug Bounty RFQ

Name and affiliation

Brett Kozisek
Director
Synack

Section of RFQ documents

RFQ Section 3 - Requirements. https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#30-requirements
It states “The contractor will provide a Software-as-a-Service platform, with a publicly-available website, for researchers to report security vulnerabilities on publicly available government websites in a manner consistent with the TTS vulnerability disclosure policy.”

Question/Comment

Does the vendor have to disclose the following information based on the 2017 Solicitation under the technical_file.yaml under Service_Platform_Metrics:

  • The number of security researchers on the SaaS platform?
  • The number of companies using the platform for bug bounty?
  • Average times to triage an initial vulnerability report?
  • Average times for responses to researcher questions and follow-ups?
@MichelleMcNellis
Member

The 2017 solicitation does not apply to this requirement. The government is seeking quotations based on the requirements within the 2018 solicitation.
