The nation’s top voting equipment vendors reportedly are issuing a request for information (RFI) this week on building a vulnerability disclosure program (VDP) to bolster election security.
Noting vulnerability
disclosure is critical to finding and fixing software bugs, Casey Ellis, CTO and founder of
Bugcrowd, said, “In a climate where most voters share the concern about
cyber-interference with the election process, but very few know what that
actually means, a clear and decisive move toward transparency by the vendors
addresses the bigger vulnerability that’s in play here: Confidence in the
democratic process itself.”
“On Election Day, every voter must have confidence in the vote – “and it’s good to see this priority informing decisions being made by the vendors,” said Ellis. “My strong recommendation to election software vendors is to adopt a public vulnerability disclosure program (VDP), and not just engage a vetted group of individuals to find these issues.”
But voting machines
are not the only points of vulnerability to attack, every tool that house data –
from websites to databases – used by voters, election officials, candidates and
volunteers, are vulnerable and attractive to potential attackers, he said.
“We know Russian
adversaries successfully influenced the 2016 presidential election and they
didn’t need access to voting machines to change the outcome of the vote,” said
Ellis. “The good news is securing these assets with VDP is achievable ahead of
the 2020 election if we act quickly.”
Gloss