Guide to Vulnerability Reporting for America’s Election Administrators

This resource provides election administrators with a step-by-step guide, list of resources, and a template for establishing a successful vulnerability disclosure program to address possible vulnerabilities in their state and local election systems. The six steps include:

  • Step 1: Identify Systems Where You Would Accept Security Testing, and those Off-Limits
  • Step 2: Draft an Easy-to-Read Vulnerability Disclosure Policy (See Appendix III)
  • Step 3: Establish a Way to Receive Reports/Conduct Follow-On Communication
  • Step 4: Assign Someone to Thank and Communicate with Researchers
  • Step 5: Assign Someone to Vet and Fix the Vulnerabilities
  • Step 6: Consider Sharing Information with Other Affected Parties

Download, print, and share this voluntary resource. Return to Election Security.