The country’s biggest voting equipment vendors recently asked the cybersecurity community for ideas on how to set up a process through which researchers could flag software flaws for vendors to fix. Coordinated Vulnerability Disclosure specialists Bugcrowd and Synack responded, and so did senator and presidential candidate Amy Klobuchar (D-MN).
She wrote a letter advising the voting-gear vendors to ditch their reservations about working with unvetted researchers, pay close attention to their supply chains, and set a timeline for getting software bugs fixed. Klobuchar contested their assumption that programs should focus on systems that are isolated from the internet, pointing out that vulnerabilities in public-facing systems can have security implications for disconnected systems.
