The General Services Administration‘s Technology Transformation Service plans to establish a “bug bounty” program that will engage ethical hackers in efforts to discover and address vulnerabilities in TTS web applications, Federal News Radio reported Monday.
Jason Miller writes TTS sought comments from vendors on ways to set up a program where ethical hackers can test applications, report vulnerabilities and get incentives for their participation.
“Bug bounties are a proven method of mitigating security risk in production systems: they incentivise researchers to report issues to the system owner who can fix them before they’re discovered by malicious actors,” TTS stated in a draft solicitation published January.
Miller reports that TTS looks to purchase a pre-existing and commercially available software-as-a-service platform to launch and oversee the bug bounty program.
The selected contractor would provide access to the SaaS platform and its network of security researchers, triage services to assess reported vulnerabilities, as well as rewards for valid vulnerability reports, the report said.
TTS accepted comments on the draft solicitation through Jan. 30.
Miller writes the agency did not specify when it will issue the final solicitation.