SLI Compliance offers end-to-end security test methods designed to validate the security and privacy of all aspects of your system.  We focus on vulnerabilities that could compromise confidentiality, integrity, and availability in each aspect of your system, voter experience, election official experience, servers, and websites. Where risks are identified, we itemize corrective actions and compensating controls, including system configurations and architecture that can mitigate concerns.

SLI Compliance security services include testing and validation of the following:

SLI Compliance security staff conduct analyses to ensure the security techniques being used in the system are valid and that effective security procedures are contained in the design.

Security features are compared for validity against industry-standard techniques, and we ensure techniques being used are effective as built and recommend enhanced techniques where needed. The end-to-end security process is reviewed to identify any weaknesses in the security chain, and we pay particular attention to any aspects of the overall design that could place the system at risk.

Security Software Reviews:

Source Code is subjected to analysis using various tools to determine possible security risks. SLI checks the system to con‑rm methods exist to prevent issues like bu­ffer overflows, pointers not being freed, penetration attacks, and unauthorized insertions of code.

Security algorithms and policies are reviewed to validate correct implementation. Our experience shows that industry-standard algorithms may be present, but if the policies are not correctly implemented, the system may not be as secure as stated.

Finally, we ensure that the code contains no hidden functionality, such as Trojan horses, conditional compilation flags, test flags, or hardcoded passwords.

Trusted Builds:

The final reviewed source code is compiled and tested using a trusted build process to ensure that a clean environment is used, and only approved elements go into the build.

SLI Compliance will perform a Trusted Build using procedures provided by the voting system vendor, where source code is converted to machine-readable binary instructions (executable code) in a manner providing security measures that help ensure that the executable code is a verifiable and faithful representation of the source code.

When performing trusted builds, we use hash checking methods to confirm the software and data have not been modified in any manner from the originally tested baseline.

  • I want to thank you again for SLI's independent assessment of Broomfield's election procedures and subsequent development of updated election procedures. SLI's work assisted the City Council greatly in understanding the strengths and weaknesses of existing systems and helped restore confidence in these systems for future elections.

    James L. Becklenberg

    Assistant City and County Manager

  • It is with sincere gratitude and appreciation that we unconditionally recommend SLI. Our effort to obtain Meaningful Use Stage 2 Certification for our community health software platform required significant interpretation of the federal guidelines that SLI provided in plain English, on an as needed, and always timely basis. The staff is outstanding and their attitude is nothing less than grace under pressure. To keep it all together, with client after client struggling to interpret often vague federal guidelines, is laudable. The bottom line is that we had a choice, and we went with a recommendation for SLI based on a couple interviews with folks that preceded us, and it turned out to be the best possible decision.

    Milton Allione

    President

  • …the EAC finds that the policy and procedures currently in place at SLI show a dramatic, significant effort representing a company-wide commitment to the EAC Laboratory Accreditation Program and ongoing quality improvement.

    Brian Hancock

    Director, Testing and Certification Program

  • Over the past year, I sought SLI’s assistance in providing information to me on testing practices for the Uniform Voting System (UVS) that the State of Colorado is seeking. I also worked with them as they developed a report for the Colorado Voter Access and Modernized Elections Commission on an assessment of voting system technology in Colorado. The results provided by SLI were valuable and helped the state make key decisions regarding Colorado's UVS strategy. As our project moves forward, we expect to call upon SLI to test one or more proposed systems to meet Colorado Voting System Certification Standards.

    Al Davidson

    Program Manager

  • The SLI team, in my opinion, was outstanding. I truly appreciated this process and all the guidance they provided. Not only did this team well represent themselves and the expertise they possess, but also well represented the SLI organization. I would highly recommend SLI to anyone...

    Norman Joseph

    Vice President, Product Management

  • We are so gratified that our cumulative efforts have yielded the much-needed results. I must hasten to add that the work of the entire SLI team has lent so much credibility to this entire electoral process. For this alone, you have the gratitude of not just this member of the Technical Evaluation Committee, but more likely that of an entire nation.

    Tim Diaz de Rivera

    Director General, National Computing Center