This repository has been archived by the owner on Oct 16, 2019. It is now read-only.
RFQ Section 7.0 Type of Contract - https://github.com/18F/tts-buy-bug-bounty/blob/master/2018-procurement/RFQ.md#70-type-of-contract
It states the following “Based on the nature of this requirement, the government intends to award a hybrid Firm-Fixed-Price (FFP) and Firm-Fixed-Price Not-To-Exceed (NTE) contract type. The contract will include a FFP CLIN for access to the platform and triage services. The bounty pool will be NTE, with varying vulnerability levels but with all costs paid directly to the researchers.”
Question/Comment
Can the vendor respond with maintaining and coordinating the Bug Bounty program as a complete Fix Firm Price Model?
Would this disqualify the vendor if submitting pricing as a complete Fixed Firm Price model, to include the platform, vulnerability management and triage, vulnerability value management, and vulnerability management for all bug bounty challenges?
The type of contract will remain as a hybrid Firm-Fixed-Price (FFP) and Firm-Fixed-Price Not-To-Exceed (NTE). All responses must be in accordance with the selected contract type.
Question/Comment on TTS Bug Bounty RFQ
Name and affiliation
Brett Kozisek
Director
Synack Inc.