Public disclosures of vulnerabilities
For reporting vulnerabilities, submit your report through the GSA Bug Bounty Program.
When someone in the public alerts GSA to a potential vulnerability in a TTS system, we must act quickly.
GSA SecOps manages the shared GSA Bug Bounty Program.
When a new vulnerability is reported through HackerOne using the GSA Bug Bounty Program, HackerOne will triage the submission. Once they have confirmed it is valid GSA SecOps will research the report and then coordinate the response with TTS program technical contacts.
Use #bug-bounty-partners to communicate with GSA SecOps and HackerOne.