IT-ISAC EI-SIG Request for Information



IT-ISAC Elections Industry Special Interest Group Requests for Information on Implementing a Crowd-sourced Coordinated Vulnerability Disclosure Program




September 20, 2019


On August 15, 2019, the IT-ISAC Elections Industry Special Interest Group released a paper detailing the commitment of voting systems manufacturers to the development and implementation of corporate Coordinated Vulnerability Disclosure (CVD) programs. The white paper also noted the value of crowd-sourced CVD programs, discussed potential challenges in applying such programs to the elections industry, and stated that the SIG would create a Request for Information to solicit feedback on how crowd-sourced CVD programs could be implemented in the elections industry.

The IT-ISAC Elections Industry Special Interest Group seeks public input, comments and suggestions on the following challenges:

  • How to manage a crowd-sourced CVD program on systems that are designed to be closed, isolated, and disconnected from the Internet, including stand-alone embedded systems?

  • How to ensure that those engaging in a crowd-sourced CVD program are not nefarious actors seeking sensitive information that can then be used in attacks against elections infrastructure?

  • How best to ensure the confidentiality of researcher findings so that vulnerability announcements are disclosed simultaneously with a fix or mitigation for the vulnerability?

Comments and input should be sent to cvd@it-isac.org by October 21, 2019.


© 2020 by Information Technology-Information Sharing and Analysis Center.