Synack, founded by two former NSA analysts, is best known for its bug bounty program that allows its carefully curated stable of researchers to probe a client’s systems for vulnerabilities. The researchers then disclose those soft spots through Synack’s platform.
The company’s offerings are already tuned to the needs of sensitive government clients, and Synack has worked with IRS and the Department of Defense through its “Hack the Pentagon” bug bounty program. States wary of bug bounties should have some peace of mind knowing that Synack emphasizes the intense vetting and low acceptance rate of its research team.
From now until November 6, Synack will offer free penetration testing for voter registration sites and voter databases through its “Secure the Election” initiative.
The offer’s fine print:
Each eligible recipient will be limited to one (1) free 14-day Synack Crowdsourced Vulnerability Discovery Test of an online voter registration website or remotely-accessible database that is expected to be used in the November 2018 mid-term election.
It’s possible that states wary of the federal government’s involvement in state and local elections will be less skittish of help coming from the private sector. The Department of Homeland security has stepped up its role in securing elections, but federal resources, including cybersecurity audits, remain opt-in.
Synack isn’t the only security company talking to states about securing elections. In late 2017, Cloudflare announced that it would extend it DDoS protection for free to states for their voter databases, voter registration sites and election result sites through what it calls “the Athenian Project.” In April, enterprise security firm Centrify offered states its services at a discount in a similar “Secure the Vote” program.
“Synack’s pro bono service looks for vulnerabilities in remotely-accessible voter registration databases and online voter registration websites from a hacker’s perspective,” the company said in a press release.
“Synack’s crowd of researchers discovers vulnerabilities left undetected by other solutions and then helps to remediate them before an adversary can exploit them on election day.”