Building a Vulnerability Disclosure Program that Works for Election Vendors and Hackers
Chris Wlaschin | VP, Systems Security and CISO, ES&S
Mark Kuhr | CTO, Synack
Date: Wednesday, August 5 | 1:30pm-2:10pm
Format: 40-Minute Briefings
Track: Policy
Election vendors are an integral part of American democracy. Because voting machines and the companies that manufacture them are so vital to our nation, their security practices and protections are under intense scrutiny, especially since the 2016 presidential election, when Russian hackers attempted to disrupt American elections. This talk will explore the perspectives of voting vendors as well as security researchers.
Ensuring that critical vulnerabilities are found and fixed is a complicated and sensitive process — and urgently requires a comprehensive solution. There are challenges such as privacy, communication, the certification processes, and remediation. The voting industry and the security researchers who are examining their products need a Vulnerability Disclosure Program so both communities can effectively work together to fix problems in election systems and ultimately make America’s democracy stronger and more resilient.
The companies that make voting equipment and election systems are innovating to improve security and looking for new ways to harden their systems against attacks. This presentation will explore those efforts and examine new models for collaboration between researchers and election vendors, including Coordinated Vulnerability Disclosure (CVD) programs, collaboration at the Voting Village at DEF CON and similar efforts, and Crowdsourced Penetration Testing. It will also look at ideas for improving the relationship between researchers and voting vendors. Additionally, the election industry has many lessons to share that leaders across the manufacturing space can apply to better protect their own critical assets, information and customer base.
Black Hat - USA - 2020 Hacking conference