PROGRAM DESCRIPTION 

ElectionGuard is an open source software development kit (SDK) that makes voting more secure, transparent, and accessible. The ElectionGuard bounty program invites researchers across the globe to identify security vulnerabilities in targeted ElectionGuard repositories and share them with our team. Qualified submissions are eligible for bounty rewards from $500 to $15,000 USD. 

This bounty program is subject to these terms and those outlined in the Microsoft Bounty Terms and Conditions.

IN-SCOPE SERVICES AND PRODUCTS

The ElectionGuard SDK includes multiple repositories, components, and reference implementations to guide implementers. The following components and vulnerability types are currently in scope for bounty awards. As additional components develop, we will update the bounty scope to reward further research.

  • ElectionGuard specification and documentation: Mathematical errors in the specification resulting in election vulnerability, including but not limited to
    • Mathematical proof-checking procedures that say a proof is valid when it actually is not
    • Transmission of data that can allow votes to be discovered
    • Transmission of data that can allow unintended discovery of election secret keys, election partial secret keys, or auxiliary private keys
  • Verifier reference implementation: Vulnerabilities including but not limited to
    • Inputs to the reference verifier that do not represent valid elections yet are reported to be valid by the verifier
  • ElectionGuard SDK (Python API): Cryptography and implementation in the Python library, including:
    • Bugs in proof generation or proof-checking code
    • Attacks allowing for unintended private key or unencrypted ballot discovery by observing or manipulating SDK messages
    • Sequences of calls to the ballot encryption API, made in the expected order, that result in an election that does not decrypt or verify
    • Vulnerabilities in the Key Ceremony or Decryption/Tally Ceremony that result in an election that does not decrypt or verify

WHAT CONSTITUTES AN ELIGIBLE SUBMISSION? 

The goal of the bounty program is to uncover significant vulnerabilities that have a direct and demonstrable impact on the security of ElectionGuard and its users' data. Vulnerability submissions must meet the following criteria to be eligible for bounty awards:

  • Identify a vulnerability that was not previously reported to, or otherwise known by, Microsoft.
  • Such vulnerability must be of previously unreported Critical or Important severity and must reproduce in one of the in-scope products or services.
  • Identify a previously unreported vulnerability in the latest version of the ElectionGuard SDK within the in-scope repositories.
  • Include a clear, concise proof of concept (PoC), either in writing or in video format, to demonstrate how this vulnerability or flaw could be exploited to achieve an in-scope security impact.
    • This allows submissions to be reviewed as quickly as possible and supports higher bounty awards.

Microsoft may, at its sole discretion, accept or reject any submission that it determines does not meet the above criteria.

HOW ARE PAYMENT AMOUNTS SET? 

Bounty awards range from $500 up to $15,000. Higher awards are possible, at Microsoft’s sole discretion, based on the severity and impact of the vulnerability and the quality of the submission. Researchers who provide submissions that do not qualify for bounty awards may still be eligible for public acknowledgment if their submission leads to a vulnerability fix.

Security Impact          | Report Quality   | Severity: Critical/Important | Severity: Moderate/Low
-------------------------|------------------|------------------------------|-----------------------
Elevation of Privilege   | Content Complete | $15,000                      | $0
                         | Baseline         | $3,000                       | $0
Information Disclosure   | Content Complete | $15,000                      | $0
                         | Baseline         | $3,000                       | $0
Security Design Flaw     | Content Complete | $8,000                       | $0
                         | Baseline         | $1,000                       | $0
Spoofing/Tampering       | Content Complete | $3,000                       | $0
                         | Baseline         | $500                         | $0
Remote Denial of Service | Content Complete | $3,000                       | $0
                         | Baseline         | $500                         | $0

Security Impact                                                                          | Report Quality   | Award
-----------------------------------------------------------------------------------------|------------------|-------
Documentation or samples included in documentation are insecure or encourage insecurity. | Content Complete | $1,000
                                                                                         | Baseline         | $500

Content Complete: Includes all components required in the "What constitutes an eligible submission?" section of this bounty.

Baseline: Includes some of the components, but the contents are incomplete, inaccurate, or difficult to understand or reproduce. We recognize that some issues are extremely difficult to reproduce and understand, and this will be considered when assessing the quality of each submission.

OUT-OF-SCOPE VULNERABILITIES

Microsoft is happy to receive and review every submission on a case-by-case basis, but some submission and vulnerability types may not qualify for a bounty reward. Here are some of the common low-severity or out-of-scope issues that typically do not earn bounty rewards:

  • Publicly disclosed vulnerabilities which are already known to Microsoft and the wider security community.
  • Vulnerability patterns or categories for which Microsoft is actively investigating broad mitigations.
  • Vulnerabilities in anything earlier than the current master branch.
  • Vulnerabilities based on user configuration or action, for example:
    • Vulnerabilities requiring extensive or unlikely user actions
    • Vulnerabilities which disable or do not use any built-in mitigation mechanisms
  • Vulnerabilities which exist in out-of-scope repositories or in ElectionGuard reference implementation/POC/demonstration code.
  • Vulnerabilities associated with deprecated versions, such as the C implementation.

We reserve the right to accept or reject any submission that we determine, in our sole discretion, falls into any of these or other categories of vulnerabilities even if otherwise eligible for a bounty. 

ADDITIONAL INFORMATION

For additional information, please see our FAQ.

REVISION HISTORY

  • October 16, 2019: Program launched
  • June 15, 2020: Updated program scope to include the ElectionGuard SDK (Python API) and added severity ratings to the award table