
Security Bites podcast

Read all 'Fortify' posts in Security Bites podcast
October 17, 2008 3:17 PM PDT

Security Bites 118: Voting in America

by Robert Vamosi

Voting--it's the cornerstone of our democracy. But in recent years, both the systems we use and the trust we have in the accuracy of our votes have been challenged.

A new report (PDF) looks at all the systems currently in use--from paper ballots to Direct-Recording Electronic machines--and the issues that surround them. Researchers at Fortify analyzed threats against three phases of an election (voter registration, casting votes, and tabulating votes), highlighting specific ways voting systems have been compromised, summarizing the strengths and weaknesses of current voting techniques, and then providing guidance for voters to ensure their votes are handled properly in upcoming elections.

This week, Robert Vamosi spoke with co-authors Brian Chess and Jacob West of Fortify about their report.

Not surprisingly, Chess and West draw parallels between the electronic systems handling our votes and those that handle our financial transactions. They conclude with several ways the federal and state governments can work with voting machine vendors to adopt business software assurance techniques into the systems they create.



August 4, 2008 11:00 AM PDT

Security Bites 111: Iron Chef returns to Black Hat

by Robert Vamosi

Iron Chef returns to Black Hat. No, it's not the Food Network import from Japan broadcasting live, but the Fortify edition featuring lead security researchers as they struggle against the clock to find vulnerabilities. This year, the secret ingredient is open-source code.

Brian Chess, chief scientist at Fortify Software, and Jacob West, who manages Fortify Software's Security Research Group, tell CNET's Robert Vamosi that one team will use static analysis while the other will use fuzzing. Chess confirmed that Charlie Miller and Jacob Honoroff will be on the fuzzing team, and Sean Fay and Geoff Morrison from Fortify will make up the static analysis team.

Fortify says the Black Hat audience and co-hosts West and Chess will provide running commentary and encourage the competitors. Ultimately, the audience will judge the results based on originality of created tools, presentation of the number of bugs, and creativity of using the tools when searching for vulnerabilities. At the end, a winner will be named.



July 25, 2008 2:01 PM PDT

Security Bites 109: Open-source security

by Robert Vamosi

For years, one of the arguments for using open-source software instead of proprietary software held that open source was more secure. After all, having thousands of eyes looking at the code can't but help find and mitigate potentially dangerous bugs. A new report from Fortify challenges that assertion.

Open-source software can be found in over half of enterprises today, and open-source code can be found within the Mac OS X operating system. But how are open-source vulnerabilities and, more importantly, their patches handled?

This week a report from Fortify found that, while vulnerabilities exist and are reported within the open-source community, not every open-source project had a clearly defined contact or security alias. Nor was it clear what the process would be for issuing a patch, or how the projects conduct their own vulnerability assessments. The report looked at several known open-source projects such as JBoss and Tomcat.

CNET's Robert Vamosi spoke by phone with Roger Thornton, CTO at Fortify, about the report and its findings.



May 9, 2008 4:42 PM PDT

Security Bites 98: The good (and bad) news about electronic voting

by Jason Howell
This week, Robert Vamosi talks with Fortify CSO Brian Chess about electronic voting.

A correction was made to this story. Read below for details.

Following the February 5 presidential primary, several county clerks in New Jersey asked an independent researcher to study the vote results on the state's electronic voting machines. The vendor, Sequoia, has threatened legal action, but so far hasn't taken any. Initial results suggest that there were some inconsistencies in vote tallies, although none were enough to reverse the election results themselves.

Since last year, several states have requested audits of electronic voting systems. In California, the audits resulted in some systems being scrapped for the 2008 presidential primaries. As we turn our attention to the fall 2008 presidential election, several security researchers have come forth with their own studies and suggestions. One of them is Brian Chess, chief scientist at Fortify.

 
Correction: A previous version of this story misstated Brian Chess' title. He is chief scientist at Fortify.

About Security Bites podcast

Backdoors, pharming, botnets, phishing, rootkits, viruses, worms. Feeling vulnerable? Every Friday, CNET.com's Robert Vamosi will tell you about the latest security threats, what's coming, and how to protect your system.




Meet the host of Security Bites
Robert Vamosi has appeared on CNN, NBC, ABC, MSNBC, and various other media outlets as an expert on computer viruses, spyware, identity theft, phishing, and other criminal activities on the Internet.
