Notice of Intent to Solicit and Award a Sole-Source Modification for the Vulnerability Disclosure Policy (VDP) Platform

SOL #: 47QFRA20C0012Special NoticeSole Source

Overview

Buyer

Buyer not available

Place of Performance

Mc Lean, VA

NAICS

Other Computer Related Services (541519)

PSC

Support Services Focused On Supporting Security Policies/Controls, Processes, Measuring Compliance Of Relevant Legal/Compliance Requirements, To Include Section 508, And Responding To Security Breaches. Also Provides Support For It Security Systems Providing Continuous Diagnostics And Mitigation (Cdm) For Real Time Cyber Security And Protection Such As Vulnerability Scanning, Managing Firewalls, Intrusion Prevention Systems, And Security Information And Event Management (Siem). Includes Disaster Recovery (Dr) Services To Support Dr Policy, Process And Means, Dedicated Failover Facilities And Perform Dr Testing. (DJ01)

Set Aside

No set aside specified

Original Source

https://sam.gov/opp/d59a92511b5a425780abac8b05d9f368/view

Timeline

Posted

Jan 12, 2026

Action Date

Jan 26, 2026, 10:00 PM

Qualification Details

Fit reasons

NAICS alignment with historical contract wins in similar service areas.
Scope strongly matches core technical capabilities and delivery model.

Risks

Past performance thresholds may require one additional teaming partner.
Potential clarification needed on staffing minimums before bid/no-bid.

Next steps

Validate eligibility requirements, assign capture owner, and schedule partner outreach to confirm teaming strategy before submission planning.

The U.S. General Services Administration, Federal Acquisition Service, hereby publicises its intention to modify an existing open market contract with Endyna, Inc., located at 1345 Lancia Drive, McLean VA, 22102. The anticipated modification will provide the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and partnering Federal Cybersecurity Executive Branch (FCEB) agencies continued access to a secure platform to facilitate the submission, tracking, and reporting of vulnerabilities discovered in information systems. The contractor, EnDyna, configures, operates, and administers the platform; ensures it maintains an Authority to Operate (ATO); provides triage services to ensure the validity, proper routing, and tracking of vulnerability submissions; and facilities a bug bounty incentive payment program for FCEB agencies to reward valid submissions. EnDyna is the only firm currently able to continue to provide the services and maintain the ATO without a break in these critical services. The anticipated sole-source modification will allow the Government adequate time to competitively procure future VDP program requirements and implement a new procurement strategy.

Be advised that the aforementioned information is anticipatory in nature and is not binding. A determination by the Government not to compete based upon responses to this notice is solely within the discretion of the Government. This notice is not a request for competitive proposals; however, any firm believing that it can fulfill the requirement of providing these services may be considered on the following competitive procurement. Interested parties may identify their interest and capabilities in response to this notice, and must clearly show the firm's ability to be immediately responsive without compromising the quality, accuracy, and reliability of services provided. The Government will consider all responses.

People

Points of Contact

Lila SchmidekePRIMARY

lila.schmideke@gsa.gov

Matthew SchupbachSECONDARY

matthew.schupbach@gsa.gov

Files

No files attached to this opportunity

Versions

Version 1Viewing

Special Notice

Posted: Jan 12, 2026