The General Services Administration is seeking information on the availability of software-as-a-service platforms that could help the agency’s security operations division establish a bug bounty program.
GSA looks to partner with a SaaS vendor and obtain access to a network of security researchers who can uncover technical issues across the agency’s web-based information technology applications, according to a sources sought notice posted Tuesday.
The agency wants a Federal Risk and Authorization Management Program-compliant platform that would facilitate reporting and viewing of security flaws on public websites in accordance with its vulnerability disclosure policy.
A potential vendor should also be able to help SecOps personnel monitor technical issues, perform the cyber triage process and disburse rewards through the bug bounty SaaS.
Responses are due Aug. 12.