Skip to main content
U.S. flag

An official website of the United States government

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Public disclosures of vulnerabilities

For reporting vulnerabilities, submit your report through the GSA Bug Bounty Program.

When someone in the public alerts GSA to a potential vulnerability in a TTS system, we must act quickly.

GSA SecOps manages the shared GSA Bug Bounty Program.

When a new vulnerability is reported through HackerOne using the GSA Bug Bounty Program, HackerOne will triage the submission. Once they have confirmed it is valid GSA SecOps will research the report and then coordinate the response with TTS program technical contacts.

Use #bug-bounty-partners to communicate with GSA SecOps and HackerOne.