Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

[SwissMiss]

Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

 

 

Fair elections are the lifelines of democracy, but in recent years election hacking has become a hot topic worldwide.

Whether it's American voting machines during the 2016 presidential election or India's EVMs during 2014 general elections, the integrity, transparency, and security of electronic voting machines remained questionable, leaving a wound in the minds of many that is difficult to heal.

Many countries, including the largest democracy in the world i.e., India, believe the best way to ensure the security of EVMs is to make its technology opaque to bad actors, but in recent years a large section of the population is losing trust in any system that has been certified by a closed group of experts only.

 

To make a balance between transparency and security, in May 2019, Microsoft released a free, open-source software development kit (SDK) called ElectionGuard that aims to enable end-to-end verification of voting.

Microsoft's ElectionGuard SDK can be integrated into voting systems and has been designed to "enable end-to-end verification of elections, open results to third-party organizations for secure validation, and allow individual voters to confirm their votes were correctly counted."

ElectionGuard Bug Bounty Program

Since no software comes bugs-free, Microsoft today finally launched the ElectionGuard Bounty program, inviting security researchers from across the world to help the company discover high impact vulnerabilities in the ElectionGuard SDK.

"The ElectionGuard Bounty program invites security researchers to partner with Microsoft to secure ElectionGuard users, and is a part of Microsoft's broader commitment to preserving and protecting electoral processes under the Defending Democracy Program," the company says in a blog post published today.

 

"Researchers from across the globe, whether full-time cybersecurity professionals, part-time hobbyists, or students, are invited to discover high impact vulnerabilities in targeted areas of the ElectionGuard SDK and share them with Microsoft under Coordinated Vulnerability Disclosure (CVD)."

ElectionGuard Bounty offers cybersecurity researchers a reward of up to $15,000 for eligible submissions with a clear and concise proof of concept (POC) to demonstrate how the discovered vulnerability could be exploited to achieve an in-scope security impact.

The ElectionGuard components that are currently in scope for bug bounty awards include ElectionGuard API SDK, ElectionGuard specification and documentation, and verifier reference implementation.

However, the tech giant says it will update the ElectionGuard bounty scope with additional components to award further research in the future.

 

 

Source: Microsoft to Reward Hackers for Finding Bugs in Open Source Election Software

[mp68terr]

As far as I remember voting machines got hacked already.

Hackable voting machines with a m$oft software do not look like a winning solution for democracy.

[steven36]

35 minutes ago, mp68terr said:

As far as I remember voting machines got hacked already.

Hackable voting machines with a m$oft software do not look like a winning solution for democracy.

That is totally your opinion and a biased one at that because you don't like Microsoft ,  they got hacked because they had no protection and Microsoft is the only one to step up to offer voting machines protection  . It's open source software so it's being looked after by the open source community if you don't like it you can fork it yourself if you think you can do a better job than M$ .

 

 

[Taviruni]

With all due respect for the voters.

I only hope it don't get an inopportune update (in the middle of voting day) as Win10 uses to do.

Or an update that will erase all info as 1809 did.

Forgot to mention drivers updates failures.

Well, I think all you know how MS is making software this days.