Security is foundational to what we do. Every election on our online voting platform depends on the integrity of the system running it, which is why we hold ourselves to a high standard when it comes to identifying and addressing vulnerabilities.
Today, we are formalizing that commitment with the launch of our Vulnerability Disclosure Policy (VDP). The policy establishes a clear, structured process for security researchers to report potential vulnerabilities directly to us. It includes a defined scope, safe harbor protections for good-faith researchers, and coordinated disclosure timelines consistent with ISO/IEC 29147, the internationally recognized standard for vulnerability disclosure.
In practice, this means that when a vulnerability is discovered and reported to us, we have the opportunity to investigate and deploy a fix before any public disclosure. That protects our clients and the elections they run.
Reports can be submitted to security@simplyvoting.com. Researchers may also encrypt sensitive findings using our PGP key.