Phone: +46 73 687 0060
The input from several research fields are valuable in the design and implementation of our software and when developing documentation. Please contact us if you think you can contribute. Describe your background briefly if you do not know anybody on the team, or contact the person you already know and think can be vouch for you.
We hope that developers and users share not only validated attacks or vulnerabilities, but also concerns and general comments on security aspects of our software. This will help us improve our documentation and/or our softwares, and we will of course give you credit if we follow your advice.
Although our license does not impose any restrictions on how you disclose security issues or attacks, we would appreciate if you do not immediately post them online or report them as issues at the public software repository or anywhere else (although we understand the urge!).
Instead we hope that you contact us and give us a chance to discuss the findings with you to make sure that we fully understand them. We may also be able to suggest additional targets that you, or we, could investigate.
Keep in mind that other people may be using our software or some modified version in real elections and they deserve a chance to update their systems or complete an election before you make your findings public.
That said, we have first hand experience with finding serious flaws and attacks, we understand the amount of work involved, and we have an academic mindset, so we will make sure that you get the credit you deserve. Exactly how depends on the importance of the contribution and what you want.
Issues that are not security critical should normally be reported in the issue system at the source code repository. However, if an issue is only a symptom of a larger problem, then we welcome an email where you outline your ideas and hope that you are open to discuss the matter to let us decide on what should be done.