Bug bounty platform provider cited "Voatz's pattern of interactions with the research community" in its decision to halt the app vendor's vuln disclosure program on HackerOne.
Mobile voting application vendor Voatz has been dismissed from HackerOne's bug bounty program platform, according to a report on CyberScoop.
Voatz — whose mobile voting app used in limited elections in a handful of states, including West Virginia and Colorado — has been under intense scrutiny over security concerns, and recently published studies by MIT and Trail of Bits uncovered significant security weaknesses in the app.
While security experts long have dismissed mobile voting as inherently risky, proponents of mobile-voting have maintained that the apps and process are more secure and private, for example, than the standard practice of sending PDF-based ballots via unencrypted email to military personnel overseas.
Voatz recently had updated its bug bounty policy on HackerOne to say that it could not "guarantee safe harbor" for researchers who discover flaws in its software under the program, CyberScoop said in its report.
"After evaluating Voatz's pattern of interactions with the research community, we decided to terminate the program on the HackerOne platform," a HackerOne spokesperson said in the CyberScoop report. "We partner with organizations that prioritize acting in good faith towards the security researcher community and providing adequate access to researchers for testing."
Voatz plans to kick off a new bug bounty program, it said.
See the full article here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "How to Evict Attackers Living Off Your Land."
About the Author(s)
You May Also Like
Guarding the Cloud: Top 5 Cloud Security Hacks and How You Can Avoid Them
April 4, 2024Cybersecurity Strategies for Small and Med Sized Businesses
April 11, 2024Defending Against Today's Threat Landscape with MDR
April 18, 2024Securing Code in the Age of AI
April 24, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024Black Hat Asia - April 16-19 - Learn More
April 16, 2024