SoylentNews

upstart writes in with an IRC submission:

US voting hardware maker's shock discovery: Security improves when you actually work with the community:

Just hours after Professor Matt Blaze today discussed the state of election system security in America, one of the largest US voting machine makers stepped forward to say it's trying to improve its vulnerability research program.

Election Systems and Software (ES&S), whose products include electronic ballot boxes and voter registration software, said it is working with infosec outfits and bug-finders to improve the security of its products.

Speaking at this year's online Black Hat USA conference, CISO Chris Wlaschin outlined a number of steps his biz has already or will soon take to overhaul its relationship with bug-bounty hunters.

In addition to its ongoing vulnerabilities rewards program, ES&S said it will employ the services of security house Synack to bridge the gap with bounty hunters, and make its products better able to withstand attacks from the likes of state-sponsored groups.

Most notably, ES&S will beef up said rewards program. With the help of ethical hackers at Synack, testers will be able to hammer on devices like the ES&S ExpressPoll without fear of legal reprisal.

[...] One of the bounty hunters who has worked with ES&S, industry veteran Jack Cable, issued his seal of approval to the expanded program.

Today, the nation's largest voting vendor released a vulnerability disclosure policy giving hackers authorization to test their systems. This is a great step towards transparency for election security. I hope that other vendors follow suit and welcome hackers with open arms. 🧵

— Jack Cable (@jackhcable) August 5, 2020

Original Submission