Microsoft Introduces Bug Bounty Program for ElectionGuard SDK

Earlier this year, Microsoft introduced ElectionGuard, an open-source SDK to make voting systems more secure. Now, Microsoft is expanding its role in fair elections through an ElectionGuard Bounty Program. Security researchers are invited to partner with Microsoft and ElectionGuard users to better secure, protect, and preserve the electoral process. The bounty program is one of many elements of Microsoft's Defending Democracy Program.

Researchers across the board (professional, hobbyists, full-time, part-time, etc.) are invited to participate in the program. When such researchers uncover high impact vulnerabilities, they can report the issue through a Coordinated Vulnerability Disclosure (CVD). CVD is a controlled process that allows researchers to report vulnerabilities to vendors, a national CERT, or another coordinator who handles the report privately to guard against exploitation.

Bounty Program submissions "with a clear, concise proof of concept (POC) are eligible for awards up to US $15,000." This isn't the first bug bounty program that Microsoft has hosted. Microsoft has paid out over $4.4 million in bounty awards in the past year. Bounty programs are more and more popular today, with tech giants, airlines, and even the US government hosting different versions. Check out the ElectionGuard Bounty Program site to learn more.

Be sure to read the next Voting article: Daily API RoundUp: Skedulo, Jive Data, BallotReady, The List, SelfID