Voatz was the first elections company to operate a bug bounty program since 2018 and has so far paid out nearly $60,000 to program participants who have ethically reported realworld issues with the mobile voting system and followed all program guidelines.
Current Focus and Testing Cycle
The current testing cycle (#8) ends December 2023.
The main focus of this cycle is on detecting high quality real-world bugs and issues that can compromise the ability of a voter to submit an accurate ballot via a smartphone. Any issue reported must be reproducible in the real world on an off-the-shelf iPhone or Android device and demonstrate clearly how it directly compromises the act of voting without needing physical access to a voter’s smartphone. Issues that require physical access to a voter’s device will receive a lower severity by default. Issues that are merely theoretical in nature will be de-prioritized from the issue-processing queue. Any website (or Wordpress issues) are not in scope of the current program.
- $2000 – Critical Severity
- $1000 – High Severity
- $500 – Medium Severity
- $250 – Low Severity
*The final determination of the severity of an issue rests with the Voatz security team though they take the issue reporter’s suggested severity into full consideration.
Read the full program guidelines and disclosure policy here: Security Issue Disclosure Policy
Access the issue reporting portal here: Issue Reporting Portal
Downloads and Additional Information
IMPORTANT NOTE: Please remember to always use the test versions of the mobile apps as indicated below
in order to be eligible for Safe Harbor protections. The test system is an exact replica of the live system (except
for the actual voter files) and permits all manner of real world testing. Any attempts to interfere or tamper with the live election apps will lead to your access being blocked and very likely be treated as hostile by the automated security protocols deployed on the system.
You can request access to a test election by using the ‘help/support’ links inside the mobile application. Access is generally granted within 1-2 business weeks upon receipt but may sometimes take longer.
We welcome any questions or feedback: firstname.lastname@example.org
Thank you for helping make our system better and safer for our voters.