years election hacking has become a hot topic worldwide.
Whether it’s American voting
machines[1] during the 2016 presidential
election[2] or India’s EVMs during
2014 general elections, the integrity, transparency, and security
of electronic voting machines remained questionable, leaving a
wound in the minds of many that is difficult to heal.
Many countries, including the largest democracy in the world
i.e., India, believe the best way to ensure the security of EVMs is
to make its technology opaque to bad actors, but in recent years a
large section of the population is losing trust in any system that
has been certified by a closed group of experts only.
To make a balance between transparency and security, in May 2019,
Microsoft released a free, open-source software development kit
(SDK) called ElectionGuard that aims to enable end-to-end
verification of voting.
Microsoft’s ElectionGuard
SDK[3] can be integrated into
voting systems and has been designed to “enable end-to-end
verification of elections, open results to third-party
organizations for secure validation, and allow individual voters to
confirm their votes were correctly counted.”
ElectionGuard Bug Bounty Program
Since no software comes bugs-free, Microsoft today finally launched
the ElectionGuard Bounty program, inviting security researchers
from across the world to help the company discover high impact
vulnerabilities in the ElectionGuard SDK.
“The ElectionGuard Bounty program invites security researchers
to partner with Microsoft to secure ElectionGuard users, and is a
part of Microsoft’s broader commitment to preserving and protecting
electoral processes under the Defending Democracy Program,” the
company says in a blog post
published today.
[4]
professionals, part-time hobbyists, or students, are invited to
discover high impact vulnerabilities in targeted areas of the
ElectionGuard SDK and share them with Microsoft under Coordinated
Vulnerability Disclosure (CVD).”
ElectionGuard Bounty offers cybersecurity researchers a reward
of up to $15,000 for eligible submissions with a clear and concise
proof of concept (POC) to demonstrate how the discovered
vulnerability could be exploited to achieve an in-scope security
impact.
The ElectionGuard components that are currently in scope for bug
bounty awards include ElectionGuard API SDK, ElectionGuard
specification and documentation, and verifier reference
implementation.
However, the tech giant says it will update the ElectionGuard
bounty scope with additional components to award further research
in the future.
References
- ^
voting machines
(thehackernews.com) - ^
2016 presidential election
(thehackernews.com) - ^
ElectionGuard SDK
(github.com) - ^
blog post
(msrc-blog.microsoft.com)
Read more http://feedproxy.google.com/~r/TheHackersNews/~3/g6kVoJDJGRs/election-software-hacking.html