Requirements Pricing

[BKozisek7]

Question/Comment on TTS Bug Bounty RFQ

Name and affiliation

Brett Kozisek
Director
Synack Inc.

Section of RFQ documents

RFQ Section 3.0 - Requirements https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#30-requirements
Within Bug Bounty pool management - under sub bullet three it states “Once classified and deemed within the scope of the vulnerabilities, the vendor will manage payout to the reporter based on the agreed up bounty reward tiers by the contractor and TTS”.

Question/Comment

Can the vendor/contractor manage the payout directly without TTS when a Firm Fixed Price Model is used?

[MichelleMcNellis]

Yes, for undisputed payouts, the vendor can manage the payouts directly under our selected contract type.