Switzerland’s national postal service, Swiss Post, says that it has developed a fully verifiable system that can make e-voting widely available in the country. Yesterday, Swiss Post announced that it is launching a bug bounty program in which hackers from all over the globe can conduct penetration testing on both the frontend and backend of the e-voting system. The program, called the Public Intrusion Test (PIT), will be conducted between February 25 and March 24. White hat hackers can sign up on onlinevote-pit.ch to participate. The security of the e-voting system has already been pen-tested and certified under the legal framework of the Swiss Confederation.
Hackers who discover vulnerabilities that can be exploited to manipulate votes without being detected by voters and auditors will be rewarded between $30,000 and $50,000. Server-side loopholes that give an attacker information about who voted and what they voted for will be rewarded up to $10,000. Vote corruption issues are worth $5,000, and $100 will be paid out for server configuration weaknesses. Ethical hackers must report source code vulnerabilities separately if they cannot be exploited against the test system.
All in all, out of the total $250,000 allocated for this project by the government, $100,000 will go to the Swiss cybersecurity firm that helps run the bug bounty program, and the rest could go to the researchers who find vulnerabilities. After finding a vulnerability, participants can make their findings public.
The bug bounty program is open to anyone, but the e-voting system is only available in German, French, Italian and Romansh; there is no English version. Researchers who take part in the PIT project will also be given voting cards for testing purposes, but these will be sent electronically.
You can head over to E-Voting PIT to learn more about the terms of this program.