HackerOne, Synack win DOD contracts to expand bug bounty program
October 20, 2016
The Department of Defense has awarded two contracts to expand its bug bounty program across a variety of its digital assets.
The challenges facing social entrepreneurs in moving great ideas to scale in the public sector often center on issues of funding and support. Funding typically comes from grants or contracts, both of which can be considered government procurements. But, the public procurement process is designed to be as much a controlling process as it is a facilitating process. By this I mean that the centralized control that governments exercise over expenditures is meant to ensure the public ‘gets what it paid for.’ The foundations of central financial controls in government embrace and support the concepts of public trust, deliberation, full and open competition, and the primacy of process.
Focusing on process at the expense of results is shortsighted. The process that procurements typically go through is absolutely fine for buying goods and general services, things that can be easily defined in the form of a functional specification. When more complex services are being sought, for example construction of a public building or acquisition of an enterprise IT application, the procurement profession came up with the concept of competitive sealed proposals. The use of proposals, competitively solicited through an RFP, allows the use of evaluation criteria that permit the government to state the relative importance of various factors, other than price, that will be considered when making the award to the best (not necessarily lowest cost) supplier.
Even the routine proposal process, however, fails to meet the need for an effective way to fund and support inventive solutions to complex problems that governments face every day. Recognizing that the public procurement process is overly prescriptive, and frequently forces our solutions partners (grantees or awardees) to subscribe to our established patterns of thought is counterproductive. If we could really write a prescriptive contract or grant, we would – in essence – have already solved the problem we are seeking help in solving. If we want to solve intransigent problems at the fully operational level, not simply proof-of-concept or pilot programs, we must recognize that inventive programs thrive in the non-profit sector and that our most viable solutions will likely come from that entrepreneurial arena.
How, then, do governments select, embrace, and foster the growth of the solutions that social entrepreneurs manage every day? There are certain concepts that will help: Adopt the view that what we are doing today does not allow success of inventive programs at the large scale. Understand that the partners we seek to solve our most complicated problems are not organizations or people that are constrained by process. They are, rather, organizations that are driven by results. Once this is understood, some fundamental changes in the procurement process must occur to find, select and engage these solutions partners.
Dump the long and laborious RFP template. Substitute a simple problem statement that encourages the most innovative thinkers to want to do business with us. Sure, our terms and conditions, as a legal matter, will still be important. Incorporate those later in the process once you have selected the best solution you can find. Learn to excite the organizations we want to do business with. Show them that we are open to creative thought. Through a results-based selection process, find the best solution to the problem we seek to solve, and then become true partners with them. Avoid the arrogant, arms-akimbo stance that we typically take with our trading partners and, instead, accept that once you have carefully selected the right partner through the new and flexible procurement process, you have entered a new relationship that has to be based on trust between the two parties.
Communicate openly and continuously throughout the selection process. Realize that we in government cannot anticipate all the questions or concerns that the solutions community might have. The consequence of being non-communicative during the selection process, or over-controlling communications, is that we might drive away the best partner out there. Learn to be fair but open in communicating with potential partners.
Consider innovative funding approaches. The growing realm of public-private partnerships in development programs may serve as a viable model for some more complicated public transformation programs, such as education reform. The investment model in the private sector is oriented toward long-range strategies, and might be difficult for governments – operating on short term, cyclical budgets – to readily embrace. Partnering for funding with private entities could well be a solution that helps specific programs, and at the same time engages public procurement professionals in more strategic thinking.
Invest in programs that work. Governments are pretty good at pilot programs, but often toss the now-proven (though on a limited scale) solution back onto the arcane and treacherous process of procurement. Why would we do that? If the purpose of a pilot is to find what works, why should government not nurture and inspire the working solution as it grows to scale? This is the essence of partnering, but seems to require courage that is rare among government leaders. The material recommendation here is to treat a pilot as the de facto solution for the full-scale problem. Operate under the presumption of success when determining at the outset who will be the pilot partner. Make the original selection process fair and completely open, with the expectation that its success will result in a partnership that lasts much longer and creates the enterprise solution that you are really seeking when you start the pilot program. This may be a case where the procurement process, as opposed to the grant process, can be used at the origin of the project. Grants can often be given more freely than contracts, and therefore there may be more discretion allowed in the selection process for a grant, which in turn might have “political” consequences.
Share in the investment. Even at the early stages, at the small scale pilot if that is the method used to find the solution, respect the environment of your solutions partner. There may be costs associated with moving a solution into place, which will require investment in support of the program. Discuss those matters openly with your now-selected partner, and share fairly in the reasonable expenses associated with getting a solution in place. Putting an unfair share of the startup costs on the solutions partner creates a misalignment of investment at the very beginning of a program that can only be counterproductive to the relationship that you must establish for success.
Learn to listen actively. It is common in the public procurement profession to be defensive when approached with new ideas. The dilemma we face is that our customers expect us to facilitate them getting what they need, but we more frequently see ourselves as being controllers of the public purse. Both perspectives are valid, but we tend to lean heavily to the control function rather than providing trusted business advice and service to the agencies and departments we serve. We often begin formulating the reasons why not, even while listening to our customers asking for our help. As a profession, we must become more active and participatory listeners, leaning toward yes during every discussion with our constituents about our service. Our value in public service is to know the best right way to get our customers what they need.
Operate for results. In the complex procurement environment of inventive solutions, stay away from prescribing methods or processes. George S. Patton said, “Never tell people how to do things. Tell them what to do, and they will surprise you with their ingenuity.” These words ring true for anyone who has ever operated in the fluid environment of a battlefield, yet are lost in what should be the fluid environment of public procurement. They certainly do not apply when buying sticky notes, but should be taken to heart when seeking innovation, inventiveness, entrepreneurial thought. Teaching and enabling procurement professionals to adopt a rear-looking model of success, one in which every day starts with a statement of the results they need to deliver, and works backwards from those results to the steps necessary to achieve them, is a shift in thinking that is long overdue.
Can we make this happen? Absolutely! By selecting a good test project, mustering and motivating the necessary support, leading a pilot courageously, and having the fortitude to steward it through to completion, I believe we can prove the concept that a new model of contracting can support delivery of cutting-edge solutions to full enterprise implementation. Consider one possibility… Washington DC, our Nation’s Capital, is in the midst of a notable transformation in its governance. Under the leadership of a charismatic and energetic mayor and the clear-thinking and talented city council chairman, the District is actively seeking and pursuing best (and more importantly, innovative) practices in service delivery to citizens. New methods of procurement and information sharing are already being tested. The recent contract developed for a new evidence handling solution for the Metropolitan Police Department is a good first step (see: evidence.ocp.dc.gov). The next step needs to be institutionalizing the methods that have worked for the evidence system, for example using simple problem statements to solicit proposals, and using common technologies to keep the procurement process open 24/7, rather than only during traditional business hours.
The message is clear…if we are seeking inventive thought to help us solve complicated and intractable problems, which is by definition impossible to specify at the beginning of a procurement process, then we must be flexible in our procurement approach. Fair treatment of the inventive entrepreneur we must have to solve complex social problems is fundamental to the growth of good programs into great enterprise solutions. The public trust issues are still there, and should be addressed up front through full, open and continuous communications about the program. Create an environment of true partnership, from the very outset of your attempt to define and find solutions to the problem, through the selection process that so stymies us, through the small scale and finally to the large scale deployment of that solution.