Jane Edwards
Election Systems & Software, an Omaha, Neb.-based voting equipment maker, announced a vulnerability disclosure policy that will allow security researchers to look for software bugs in the company’s corporate networks and public-facing websites, CyberScoop reported Wednesday.
The new policy announced at the virtual Black Hat conference will provide ES&S 90 days to address the cyber vulnerabilities before security researchers can publicly report those issues.
“Hackers are going to hack, researchers are going to research, whether or not there’s a policy in place,†Chris Wlaschin, vice president of systems security at ES&S, told the publication. “We think it’s important to have that safe harbor language out there to set expectations.â€
The Wall Street Journal reported other voting machine vendors are becoming more open to scrutiny of their systems by security researchers. Denver-based Dominion Voting Systems intends to issue a vulnerability disclosure policy in the coming weeks. Austin, Texas-based Hart InterCivic said it has broadened its vulnerability reporting and testing efforts in the past year.
