Election Systems & Software, an Omaha, Neb.-based voting equipment maker, announced a vulnerability disclosure policy that will allow security researchers to look for software bugs in the company’s corporate networks and public-facing websites, CyberScoop reported Wednesday.
The new policy announced at the virtual Black Hat conference will provide ES&S 90 days to address the cyber vulnerabilities before security researchers can publicly report those issues.
“Hackers are going to hack, researchers are going to research, whether or not there’s a policy in place,” Chris Wlaschin, vice president of systems security at ES&S, told the publication. “We think it’s important to have that safe harbor language out there to set expectations.”
The Wall Street Journal reported other voting machine vendors are becoming more open to scrutiny of their systems by security researchers. Denver-based Dominion Voting Systems intends to issue a vulnerability disclosure policy in the coming weeks. Austin, Texas-based Hart InterCivic said it has broadened its vulnerability reporting and testing efforts in the past year.