Iowa launches vulnerability disclosure program for election-related sites

Iowa Secretary of State Paul Pate announced Thursday that his office is launching a new program allowing outside security experts to find and patch weaknesses in its websites, including those related to elections. With the new vulnerability disclosure program, Iowa becomes the second state, following Ohio, to give legal liability protections to researchers hunting for bugs that could leave its networks susceptible to attacks if left unaddressed. Pate’s office is working with Bugcrowd, an ethical-hacking firm that crowdsources cybersecurity professionals to look for flaws in its clients’ systems. “We already have a strong infrastructure in place, but election cybersecurity is a race without a finish line,” Pate said in a press release. “We are bolstering our cyber maturity by allowing responsible testing and reporting of our systems to the private sector.” While vulnerability disclosure programs are increasingly common with major corporations, very few state governments have implemented them. But states … Continue reading Iowa launches vulnerability disclosure program for election-related sites