Yes. Anyone can test the Voatz platform via our public bug bounty program. You can also contact us for more advanced testing opportunities.
As of 2017, elections infrastructure has been officially classified as “critical infrastructure” by the Department of Homeland Security. As such, any attempt to tamper with a live election on the Voatz platform is considered a federal offense. In the event of such an attempt, Voatz will provide a detailed report to the partnering jurisdiction; any subsequent actions taken are then subject to the jurisdiction’s discretion.
All relevant issues identified through our public bug bounty programs or our private, external testing engagements are promptly triaged and addressed according to priority, risk-level, and workload.
Voatz welcomes the opportunity to collaborate with researchers in the security community, both through private engagements and publicly through our bug bounty program. If a valid issue is found, we immediately begin the work to implement a solution.
Collectively, the audit results have been satisfactory, and all blocking or critical issues that were identified have been resolved. These audits also produced a number of useful suggestions for improvement which are in the process of being implemented in upcoming releases.
Yes, more information can be found on the Audits page on our website.
The audit process involves a comprehensive evaluation of the various components of the Voatz platform, including the:
- Cloud infrastructure
- Mobile applications
- Blockchain network
- Source code
- Corporate network
Testing focuses on the most critical security concerns as outlined by organizations such as the Open Web Application Security Project (OWASP), The SANS Institute, the National Institute of Standards and Technology (NIST), and The MITRE Corporation. The tests cover, but are not limited to:
- OWASP Mobile Top 10 Risks
- Unintended data leakage
- Attack on binary protections
- Local and remote injection attacks
- Unauthorized information disclosure attacks
- Application reverse engineering or decompilation
- Common authentication and authorization issues
Yes. We pursue continuous, ongoing audits of our technology and make the results of those public in an effort to push the elections industry into further transparency. To learn more about our audits, visit the Audits page on our website.
Voatz takes extensive measures to test its technology via continuous internal and red team testing, as well as independent, third-party audits. These measures are essential to both the efficacy and responsible deployment of our technology, and to maintaining compliance with elections standards and guidelines. The Voatz software development team incorporates industry-standard testing procedures, and our quality assurance team is led by experienced professionals who have worked extensively with certified election systems.
In addition to internal, ongoing red team testing simulations, Voatz utilizes the guidelines and standards set forth by organizations like the National Institute of Standards and Technology (NIST) and the Election Assistance Commission (EAC), as well as compliance entities like ProV&V in order to rigorously stress-test the platform and further the development of emerging standards related to mobile voting.
The goal of these testing procedures is to continually improve our ability to detect, report, and thwart tampering attempts while contributing to the evolution of security standards in the elections industry, and to increase the scalability of our product.
To learn more, visit the Security & Technology, Audits, and Issue Disclosure Policy pages on our website.