Election Systems & Software Unveils Vulnerability Disclosure Policy; Chris Wlaschin Quoted

Chris Wlaschin
Chris Wlaschin

Election Systems & Software, an Omaha, Neb.-based voting equipment maker, announced a vulnerability disclosure policy that will allow security researchers to look for software bugs in the company’s corporate networks and public-facing websites, CyberScoop reported Wednesday.

The new policy announced at the virtual Black Hat conference will provide ES&S 90 days to address the cyber vulnerabilities before security researchers can publicly report those issues.

“Hackers are going to hack, researchers are going to research, whether or not there’s a policy in place,” Chris Wlaschin, vice president of systems security at ES&S, told the publication. “We think it’s important to have that safe harbor language out there to set expectations.”

The Wall Street Journal reported other voting machine vendors are becoming more open to scrutiny of their systems by security researchers. Denver-based Dominion Voting Systems intends to issue a vulnerability disclosure policy in the coming weeks. Austin, Texas-based Hart InterCivic said it has broadened its vulnerability reporting and testing efforts in the past year.

You may also be interested in...

Seth Cutler CISO NetApp

NetApp’s Seth Cutler: AI Can Support Agency Data Security, Compliance Efforts

Seth Cutler, chief information security officer of NetApp, has said implementing artificial intelligence tools can help the public sector manage data protection, compliance and risks as agencies increase the pace of digital transformation projects to address cybersecurity threats.

Cybersecurity

DIU Taps CounterCraft to Help Deploy, Mature Threat Intell Prototype

The Defense Innovation Unit has awarded threat intelligence technology maker CounterCraft an other transaction agreement to mature the company’s counterintelligence tool in an effort to improve the protection of Department of Defense systems.

Palo Alto Networks

Palo Alto Networks Gets FedRAMP Approval for Three Data Security Products

Palo Alto Networks has added three cloud products to its suite of government-approved offerings under the Federal Risk and Authorization Management Program. The Palo Alto Networks Government Cloud Services now includes the Prisma Cloud, Cortex XDR and Cortex Data Lake platforms that have received moderate FedRAMP authorization with the help of the Federal Housing Finance Agency, the company said Monday.