This resource provides election administrators with a step-by-step guide, list of resources, and a template for establishing a successful vulnerability disclosure program to address possible vulnerabilities in their state and local election systems. The six steps include:
- Step 1: Identify Systems Where You Would Accept Security Testing, and those Off-Limits
- Step 2: Draft an Easy-to-Read Vulnerability Disclosure Policy (See Appendix III)
- Step 3: Establish a Way to Receive Reports/Conduct Follow-On Communication
- Step 4: Assign Someone to Thank and Communicate with Researchers
- Step 5: Assign Someone to Vet and Fix the Vulnerabilities
- Step 6: Consider Sharing Information with Other Affected Parties
Download, print, and share this voluntary resource. Return to Election Security.