The Swiss government will make its future e-voting system available for a public intrusion test and is now inviting companies and security researchers to have a go at it. “Interested hackers from all over the world are welcome to attack the system,” the government said in a press release. “In doing so, they will contribute to improving the system’s security.” … A mock e-voting session is planned on the last day of the testing period, on March 24, but participants can attack the e-voting system before that, as well. To participate, companies and security researchers will have to sign up in advance of the PIT session’s official start. Signing up will give participants the legal permission to attack the system, will ensure the cash rewards will reach those who first report an issue, and it enforces a set of rules and restrictions on participants.
For example, some of the things that PIT participants aren’t allowed to do is to carry out attacks that may harm a voter’s personal device or attack unrelated systems belonging to Swiss Post, the e-voting system’s maker.
Swiss Post will help out by disabling some of the security defenses that normally protect the e-voting system “to enable participants to concentrate fully on attacking the core system.”