Microsoft pushes open-source software kit to election agencies, voting-tech vendors

(Scoop News Group)

Election officials around the U.S. could soon have access to an open-source software development kit from Microsoft that is intended to make voting more secure and transparent.

The software kit, called ElectionGuard, will allow third parties to validate election results and voters to ensure their ballots were correctly counted, according to Microsoft. Each voter would get a unique code to track the encrypted version of his or her vote to confirm that it was not altered.

“It will not be possible to ‘hack’ the vote without detection,” Tom Burt, a Microsoft corporate vice president, asserted in a blog post Monday. He touted the kit’s use of homomorphic encryption, which will allow votes to be counted without decrypting the data, as a feature that will protect votes individually and collectively.

The software, which will be available starting this summer to election agencies and vendors, is meant to supplement, rather than replace, paper ballots. Its code will be posted to GitHub, and can be layered onto existing voting software for added integrity.

The tech giant plans to have ElectionGuard ready for piloting in the 2020 elections — a vote that federal, state, and local officials are already preparing to secure. Last month, FBI Director Christopher Wray said protecting the 2018 U.S. midterm elections from foreign meddling was a “dress rehearsal for the big show” of the 2020 presidential contest.

Some election security experts welcomed Microsoft’s decision to take the initiative on the issue.

“By providing an open-source method for voters, advocates, and researchers to verify that cast votes have been counted accurately, Microsoft has shown its corporate commitment to bringing trustworthy elections to everyone,” said Maurice Turner, senior technologist at the Center for Democracy and Technology. “I hope that other companies will follow this example and push the technical envelope toward safe and secure elections.”

Aaron Wilson, senior director of election security at the nonprofit Center for Internet Security, said his organization believes “this technology has significant potential to improve the future of voting.”

It will be up to the country’s big election-equipment vendors – Election Systems & Software (ES&S), Dominion Voting Systems, and Hart InterCivic – whether to incorporate the new software kit into their systems. Of those three, Microsoft said that ES&S and Hart InterCivic were exploring how to deploy the software. The three companies have been under increasing pressure to take more measures to improve their products for 2020 and beyond.

Steven Sockwell, vice president of marketing for Hart InterCivic, said his company would test ElectionGuard through a pilot program with the vendor’s own voting software, Verity.

“Verity would operate the way it currently does but would also support providing individual voters with the codes needed to track and validate their ballot as described in the ElectionGuard program materials,” Sockwell told CyberScoop in an email.

An ES&S spokesperson said the company is “exploring the potential for how this new [software development kit] could be incorporated into ES&S voting systems, and we are excited to see its development and learn more about this emerging technology.”

Kay Stimson, vice president of government affairs at Dominion Voting Systems, said her company is “very interested in learning more about the initiative and being able to review the various prototypes that are being planned, along with hearing more about other federally-supported efforts in the elections space.”

Galois, an Oregon-based systems-engineering company, is helping develop code for ElectionGuard. The Defense Advanced Research Projects Agency (DARPA) has given Galois a $10 million contract to build an open-source voting system on secure hardware. Microsoft cast the ElectionGuard initiative as part of that quest for “end-to-end” verification of voting results.

UPDATE, 9:08 p.m. EDT: This story has been updated with comment from the Center for Internet Security and Dominion Voting Systems.


DOD expands vulnerability disclosure program, giving hackers more approved targets

Secretary of Defense Lloyd Austin. (Saul Loeb/AFP via Getty Images)

The Pentagon is letting outside hackers go after more Department of Defense targets than ever before, in an effort to find DOD’s vulnerabilities before foreign hackers do, DOD announced Wednesday.

The program, “Hack the Pentagon,” is expanding the number of DOD targets that ethical hackers can go after to try to ferret out vulnerabilities, according to the announcement. The program, which launched in 2016, previously allowed cybersecurity professionals to test DOD systems when it involved public-facing websites and applications. Now interested hackers may go after all publicly-accessible DOD information systems, including publicly-accessible networks, Internet of Things devices and industrial control systems, according to DOD.

“This expansion is a testament to transforming the government’s approach to security and leapfrogging the current state of technology within DOD,” said Brett Goldstein, the director of the Defense Digital Service (DDS).

The DOD Cyber Crime Center, which oversees the program, said the expansion was always where the Pentagon intended to take the initiative.

“The department has always maintained the perspective that DOD websites were only the beginning as they account for a fraction of our overall attack surface,” Kristopher Johnson, the director of the center, said in a statement.

The bug bounty program was created in an effort to incentivize talented hackers with awards when they uncover and disclose security flaws that could leave the U.S. military vulnerable to foreign criminal or state-backed hacking campaigns.

And although military leaders have suggested in previous years that learning to trust outside experts testing DOD’s security posture has been a challenge, the expansion comes as DOD eyes broader changes for its Vulnerability Disclosure Program. Just last month the Pentagon began running a pilot VDP for the defense industrial base writ large, as part of recognition that — in addition to information systems — foreign hackers are keen on breaking into defense contractors in order to go after U.S. military targets.

The so-called DIB-VDP Pilot was jointly established by the center’s Defense Industrial Base Collaborative Information Sharing Environment, the DOD VDP and the Defense Counterintelligence and Security Agency, and is set to last for one year. So far it has received 383 reports since launch, according to HackerOne, a bug bounty platform.

Other DOD bug bounty programs are continuing in earnest, meanwhile. In January, the DDS announced its eleventh bug bounty program with HackerOne.

Hackers working on bug bounty programs have been having a blockbuster year, according to data collected by HackerOne: The number of hackers submitting vulnerabilities to HackerOne last year increased by 63% year-over-year. The value of bounties paid out last year also increased; over $44.8 million worth of bounties was awarded to hackers last year, a year-over-year increase of 86%, according to HackerOne.
