This repository was created in the hopes that government agencies -- from Federal to state to local municipalities -- can include a bug bounty program in their security plans. We have included our internal acquisition documents as well as our public-facing solicitation documents. The README file we used for the solicitation itself has also been preserved for the convenience of our partners.
As part of its programmatic focus on security, the Technology Transformation Service (TTS) had to purchase access to a pre-existing, commercially available Bug Bounty SaaS Platform that would allow it to launch and manage the TTS Bug Bounty program. The purpose of this acquisition was to give TTS access to a large network of security researchers: people who have an interest, both personal and financial, in helping to find and address bugs and other technical issues within TTS-owned web applications.
The purpose of this repository is to give government agencies (and even private industry partners) the ability to learn from our experiences and implement a bug bounty program of their own. We hope to streamline this process and allow for a rapid and responsible roll-out of vulnerability disclosure policies and bug bounty programs nationwide.
See CONTRIBUTING for additional information.
This project is in the worldwide public domain. As stated in CONTRIBUTING:
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.