Skip to main content
U.S. flag

An official website of the United States government

Public disclosures of vulnerabilities

For reporting vulnerabilities, submit your report through the , external,GSA Bug Bounty Program.

When someone in the public alerts GSA to a potential vulnerability in a TTS system, we must act quickly.

GSA SecOps manages the shared , external,GSA Bug Bounty Program.

When a new vulnerability is reported through HackerOne using the , external,GSA Bug Bounty Program, HackerOne will triage the submission. Once they have confirmed it is valid GSA SecOps will research the report and then coordinate the response with TTS program technical contacts.

Use , external,TTS-only, #bug-bounty-partners to communicate with GSA SecOps and HackerOne.

Questions?

Handbook.tts.gsa.gov

An official website of the U.S. General Services Administration

Looking for U.S. government information and services?
, external,Visit USA.gov