Security has been our highest priority from day one, beginning with how our technology is built across our corporate and elections infrastructure. We follow industry best practices, including end-to-end encryption and layered security to provide defense in depth.
Additionally, we invest in recurring independent audits conducted by reputable third parties that are external to Voatz. These audits involve a comprehensive examination of our voting platform, including the mobile application source code, backend infrastructure, and blockchain, as well as an assessment of the networks, computing devices, and processes used to transmit, process, and store voting data.
We have also voluntarily engaged with multiple agencies at the Department of Homeland Security (DHS), including their Cybersecurity and Infrastructure Security Agency (CISA), along with one of the leading federal testing labs in the nation, to review the technologies deployed in our pilots. Due to the ever-evolving nature of potential threats, these audits are ongoing exercises that we view as critical to our pursuit of the highest levels of security.
We are fully committed to providing as much transparency as possible about our system, which is why we encourage the research community to participate in our public bug bounty program. This program grants qualified security researchers access to the latest versions of the Voatz mobile voting platform to find and report vulnerabilities and provide us valuable feedback. It also ensures that any issues detected are specific to a real-world Voatz environment, so that reported issues can be examined based on realistic evidence that can be used to improve the security of our platform. It is important to recognize that any testing or reporting of externally-created infrastructure components or environments which were not built and owned by Voatz do not accurately represent our system and therefore do not constitute genuine research methods.
We will continue to pursue comprehensive security measures as our company evolves, and address all reports of potential vulnerabilities with the highest degree of urgency and scrutiny. We will work tirelessly to fulfill our mission to offer every citizen an opportunity to participate in the elections process regardless of their circumstances.
For more information regarding our approach to security, please visit our regularly updated FAQ.
View our Security Issue Disclosure Policy here.