Microsoft has announced the launch of a bug bounty program for ElectionGuard, its free open-source SDK that enables more secure elections.

Microsoft’s ElectionGuard is a free open-source SDK to make voting more secure, transparent, and accessible. ElectionGuard enables end-to-end verification of elections, opens results to third-party organizations for secure validation, and allows individual voters to confirm their votes were correctly counted.

The ElectionGuard Bug Bounty program invites security researchers to partner with Microsoft to secure ElectionGuard users, and is part of Microsoft’s broader commitment to preserving and protecting electoral processes under the Defending Democracy Program.

Researchers from across the globe, whether full-time cybersecurity professionals, part-time hobbyists, or students, are invited to discover high-impact vulnerabilities in targeted areas of the ElectionGuard SDK and share them with Microsoft under Coordinated Vulnerability Disclosure (CVD). Eligible submissions with a clear, concise proof of concept (POC) qualify for awards of up to US$15,000.

Bug bounty programs are common among technology companies, where they are used to incentivize the identification and coordinated disclosure of security vulnerabilities. Bug bounty programs have been implemented by a large number of organizations, including the Department of Defense, United Airlines, Twitter, Google, Apple, Microsoft, and many others.  

Microsoft paid $4.4 million in bounty rewards between July 1, 2018 and June 30, 2019 across 11 bounty programs with a top award of $200,000.