US voting hardware maker's shock discovery: Security improves when you actually work with the community


Summary generated on August 16, 2020

    Black Hat Just hours after Professor Matt Blaze today discussed the state of election system security in America, one of the largest US voting machine makers stepped forward to say it's trying to improve its vulnerability research program.

    Election Systems and Software, whose products include electronic ballot boxes and voter registration software, said it is working with infosec outfits and bug-finders to improve the security of its products.

    In addition to its ongoing vulnerabilities rewards program, ES&S said it will employ the services of security house Synack to bridge the gap with bounty hunters, and make its products better able to withstand attacks from the likes of state-sponsored groups.

    This is actually a big step for ES&S, who when we last checked in was bickering with DEF CON organizers over its products being included in the voting-machine-hacking village, and taking heat from government officials for its lax security.

    This is a great step towards transparency for election security.

    Synack CTO Dr Mark Kuhr talked up the role his company would play in helping to clean up ES&S's security reputation and safeguard US voting machines ahead of the 2020 election.

    "What we are seeing here is a match made in heaven between the security research community and the government bodies." .