Securing Our Elections Through Vulnerability Testing and Disclosure

This report describes a two-day, coordinated live-hacking exercise run by HackerOne and IT-ISAC with three election-technology vendors and 15 vetted hardware researchers; the team tested modern election devices (scanners, ballot marking devices, electronic pollbooks), submitted 21 reports covering attack vectors such as ballot box manipulation, scanner denial-of-service, and URL squatting, and reinforced the value of Vulnerability Disclosure Programs and industry collaboration to improve election security.