Top voting vendor ES&S publishes vulnerability disclosure policy

Election Systems & Software, the biggest vendor of U.S. voting equipment, on Wednesday announced a policy to work more closely with security researchers to find software bugs in the company’s IT networks and websites. “Hackers are going to hack, researchers are going to research, whether or not there’s a policy in place,” Chris Wlaschin, ES&S’s vice president of systems security, told CyberScoop. “We think it’s important to have that safe harbor language out there to set expectations.” The policy allows researchers to probe ES&S’s corporate systems and public-facing websites, but not the election systems in place at jurisdictions around the country, which are subject to different testing regimes. The ES&S policy gives the company 90 days to fix vulnerabilities before researchers can report on them publicly — a standard timeline in the research community. For ES&S, the policy marks another step in collaborating with a white-hat hacking community with which it […]

The post Top voting vendor ES&S publishes vulnerability disclosure policy appeared first on CyberScoop.


What would a vulnerability disclosure program look like for voting equipment? Expect an RFI soon

Voting-equipment vendors are preparing to formally ask security researchers for ideas on building a coordinated vulnerability disclosure (CVD) program, the next step in the industry’s gradual move to work more closely with ethical hackers. The Elections Industry-Special Interest Group, which includes the country’s three largest voting-systems vendors, will this week release the request for information (RFI), Chris Wlaschin, vice president of systems security at one of those vendors, Election Systems & Software, told CyberScoop. “We all feel that sense of urgency to adopt this sooner than later,” Wlaschin said. Since January, the voting vendor group, which is part of the IT-Information Sharing and Analysis Center (IT-ISAC), a broader industry association, has held biweekly meetings to begin hashing out what a CVD program to find and fix software bugs might look like. Other industries have adopted such programs, which can raise the bar for security in an industry and establish trust […]

The post What would a vulnerability disclosure program look like for voting equipment? Expect an RFI soon appeared first on CyberScoop.


Former HHS CISO to join voting technology vendor as security lead

The former chief information security officer of the Department of Health and Human Services is taking a role at one of the country’s largest voting machine manufacturers as its head of security. ES&S announced on Wednesday that Christopher Wlaschin will be its new vice president of systems security responsible for the company’s security efforts, including that of its products as well as operational and infrastructure security. He will be involved in ensuring the security of ES&S’s products and engaging in the certification process they undergo in order to be used in elections, the company announced Wednesday. “Our priority at ES&S is developing resilient, auditable and secure voting software and equipment to support our customer’s mission of delivering secure, fair and accurate elections,” said ES&S CEO Tom Burt. Wlaschin departed as CISO of HHS last month, which he has said was due to family medical issues. Surrounding his departure, however, was controversy over an investigation of […]

The post Former HHS CISO to join voting technology vendor as security lead appeared first on CyberScoop.
