Advertisement

Microsoft unveils bug bounty program for election software

It is the latest effort by the tech giant to bolster election security.
Microsoft, Microsoft Windows
The Microsoft Theatre in Los Angeles. (REUTERS / Mike Blake)

Microsoft on Friday said it was establishing a bug bounty program for its open-source election software, the latest move by the tech giant to try to bolster election security.

Microsoft is inviting researchers from anywhere and any background — whether elite industry professionals, tinkerers, or students — to find “high-impact vulnerabilities in targeted areas” of its ElectionGuard Software Development Kit, said Jarek Stanley, a senior program manager at the Microsoft Security Response Center.

Researchers can make up to $15,000 per bug they find and share through Microsoft’s coordinated vulnerability disclosure (CVD) program. They are being asked to hunt for bugs that could affect the integrity of data in the ElectionGuard software, including for example, the kit’s implementation of cryptography.

Big tech companies from Microsoft to Apple to Google all have bug bounty programs, but they are much rarer in the election security space. Voting equipment vendors, for example, are setting up a CVD program but have yet to pursue bug bounty policies.

Advertisement

Microsoft introduced ElectionGuard in May, an effort to boost voter confidence in the security of the ballot at a time of heightened attention on vulnerabilities in election infrastructure. The software helps third parties validate election results and voters ensure their ballots were correctly counted. ElectionGuard gives each voter a unique code to track the encrypted version of her vote to confirm that it was not altered.

Microsoft originally said ElectionGuard would become available to election officials this summer. It is unclear how widely adopted the software is. When asked that question, a Microsoft spokesperson pointed to a September blog from the company saying ElectionGuard was available on GitHub. Regardless, any change to the voting ecosystem takes time to implement given officials often plan to procure equipment long before deploying it.

The announcement follows Microsoft’s move in September, first reported by CyberScoop, to offer state and local election officials free security support for Windows 7, the antiquated and less secure operating system, used in voting systems through 2020.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts