Guide to Vulnerability Reporting for America's Election Administrators
Provides election administrators with a step-by-step guide, list of resources, and a template for establishing a successful vulnerability disclosure program to address possible vulnerabilities in their election systems. The six steps include:
- Identify Systems Where You Would Accept Security Testing, and those Off-Limits
- Draft an Easy-to-Read Vulnerability Disclosure Policy (See Appendix III)
- Establish a Way to Receive Reports/Conduct Follow-On Communication
- Assign Someone to Thank and Communicate with Researchers
- Assign Someone to Vet and Fix the Vulnerabilities
- Consider Sharing Information with Other Affected Parties