January 31st, 2008

Fortify offers source code analysis to states

Posted by Richard Koman @ January 31, 2008 @ 6:22 PM

Categories: State & Local Govt

Tags: Software, Analysis, Fortify Software, E-voting, Security, Government, Richard Koman

Fortify Software says it will offer a free copy of its source code analysis software to states in order to check the integrity of their e-voting machines. According to the press release:

“We’re donating our products to states so they can find places where their machines’ software is vulnerable to attack,” said John M. Jack, Fortify’s CEO. “These coding mistakes open the door for a malicious voter or polling location volunteer to change your vote or even cast multiple votes; corrupting an election could be as easy as inserting a carefully programmed cartridge or a bogus ballot into the machine.”

“Our assessment found security vulnerabilities in the software of these systems,” said Matt Bishop, a professor of computer science at UC Davis and member of Fortify’s Technical Advisory Board participating in the California and Florida reviews. “This security review provides information that analysts can use to find these problems, and developers can use to eliminate them.”

“The security assessment that led to the de-certification of e-voting machines in California is just one example that software on these machines is not secure,” Jack added. “The world’s largest banks, government agencies and telecommunications companies use our analysis tools to guard against attack, and we encourage electronic voting machine vendors to take the same precautions to ensure the security of their services.”