IT-ISAC Eyes Voting System Vulnerability Disclosure Program

1 min read

The Information Technology-Information Sharing and Analysis Center is reviewing industry feedback on plans to establish a coordinated vulnerability disclosure program ahead of the 2020 presidential elections, Nextgov reported Monday. Previously, IT-ISAC released a request for information on the effort aimed at ensuring that vendors implement a system that would report and act on identified vulnerabilities in their products.

The nonprofit organization also plans to crowdsource the detection of system vulnerabilities on voting platforms.

“You want to make sure the people you are giving access to the voting machines aren’t agents of a foreign power, aren’t people with malicious intent,” noted Scott Algeier, executive director of IT-ISAC.

Responses to the RFI include recommendations on implementing the program to other election infrastructure as well as potential updates to the Election Assistance Commission’s certification procedures, Algeier said.