Fortify helps protect e-voter privacy and the integrity of election results
(07/02/2008)
Fortify Software will offer a free copy of Fortify® SCA 5.0, its source code analysis software, to every Secretary of State in the United States of America in response to increasing evidence of the deployment of insecure e-voting machines in national elections. Fortify’s gesture is an effort to give each state the ability to ensure that the e-voting systems used in the upcoming November presidential elections are designed to protect both voter privacy and the integrity of election results.
Richard Kirk, VP EMEA for Fortify, said: “As our software is used around the world to check that code is secure for most of the largest corporations, we feel confident that our software will unearth any insecure code in the US electronic voting machines. We have already discovered vulnerability in CA, Ohio and helped to put it right.”
In the forthcoming London elections voters will be unable to vote online, due to the rather shaky and badly received trials held in last year's local elections, which resulted in the Electoral Commission announcing that ‘Web and phone voting pilots should be stopped until security and testing have been improved.’
“Perhaps if there are no hiccups in the voting system in the US elections, with the Americans setting the precedent of checking code as part of validating e-voting security, the UK will be able to follow suit in future elections,” said Kirk.
In the US, Fortify are donating their products to the States so they have no excuse for not finding vulnerabilities in their software and can check how vulnerable they are to attack. “These coding mistakes open the door for a malicious voter or polling location volunteer to change your vote or even cast multiple votes; corrupting an election could be as easy as inserting a carefully programmed cartridge or a bogus ballot into the machine,” said John M. Jack, Fortify’s CEO.
Recent security analyses of electronic voting machines by the state departments of California, Florida and Ohio point to fundamental vulnerabilities in the software running their machines. These states used Fortify SCA in separate and independent source code reviews, and uncovered numerous code-level flaws that could have proved fatal to the election process.
"Our assessment found security vulnerabilities in the software of these systems," said Matt Bishop, a professor of computer science at UC Davis and member of Fortify’s Technical Advisory Board participating in the California and Florida reviews. "This security review provides information that analysts can use to find these problems, and developers can use to eliminate them."
“The security assessment that led to the de-certification of e-voting machines in California is just one example that software on these machines is not secure,” Jack added. “The world’s largest banks, government agencies and telecommunications companies use our analysis tools to guard against attack, and we encourage electronic voting machine vendors to take the same precautions to ensure the security of their services.”
Fortify’s security technology incorporates feedback from the company’s worldwide customer base to bring collaboration, customization and more comprehensive protection to the Software Development Lifecycle (SDL).
“We invite every Secretary of State to take us up on our offer to be proactive in mitigating these types of security risks,” commented Jack. “A voting machine that has been hacked looks just like a voting machine that hasn't been hacked. If we can't trust our election results, our democratic system doesn't work.”

