Which independent cybersecurity firms have reviewed Dominion or Clear Ballot systems and what did their technical reports conclude?
Executive summary
Independent technical reviewers that appear in the available reporting include MITRE’s National Election Security Lab (NESL), the voting‑system test lab SLI (as reviewed by NYSTEC), the Cybersecurity and Infrastructure Security Agency (CISA) which issued advisories after laboratory findings, and earlier independent researchers such as Coherent Cyber; their conclusions range from identifying fixable vulnerabilities to finding no evidence of real‑world exploitation or system compromise [1] [2] [3] [4] [5].
1. Which independent firms reviewed Dominion systems — a short catalog
MITRE’s NESL was retained to perform an independent technical review of Dominion’s ImageCast X and related claims and produced an analysis used in state reviews [1]; SLI (an accredited Voting System Testing Laboratory whose Security Functional Test Report for Dominion Democracy Suite 5.16 was reviewed by NYSTEC) conducted hands‑on compliance and security testing of the D‑Suite 5.16 release with follow‑up by NYSTEC [2]; CISA issued an Industrial Control Systems Advisory after vulnerabilities were identified in ImageCast X and related components, reflecting government analysis and coordination with vendors [3]; and security contractor Coherent Cyber (Jacob Stauffer) performed earlier independent testing and publicly reported multiple critical vulnerabilities in Dominion software in 2014 [4].
2. What MITRE’s reports concluded
MITRE NESL’s technical work — including a lab review of the Georgia ImageCast X and an eight‑state data analysis cited by Dominion and others — found no evidence that Dominion systems had been exploited to alter election outcomes and assessed the feasibility of claimed large‑scale attacks as not supported by the available evidence [1] [6]. MITRE also shared draft findings with Dominion, CISA and state officials as part of collaborative review processes [5].
3. What SLI and NYSTEC found when testing D‑Suite 5.16
SLI’s Security Functional Test Report for Dominion Democracy Suite 5.16 documented testing of the system and specifically re‑tested issues identified in upstream advisories; NYSTEC reviewed SLI’s assessment, worked with SLI to resolve questions, and concluded its review with no outstanding issues after remediation steps were taken during the certification process [2]. The reporting describes SLI’s role as a compliance test lab that works iteratively with vendors to include fixes in technical submissions [2].
4. What CISA’s advisory and government coordination concluded
CISA’s Industrial Control Systems Advisory publicly detailed technical flaws affecting versions of the Dominion ImageCast X ballot‑marking device and urged jurisdictions to apply mitigations and updates, while explicitly stating it had no evidence that the vulnerabilities had been exploited in elections [3] [7]. CISA and related government statements emphasized layered mitigations — physical, operational and cyber controls — and recommended practical hardening steps rather than alleging proven election manipulation [7] [5].
5. Earlier independent tests and critical findings
Independent researcher work predating recent lab reports, such as the 2014 Coherent Cyber testing, identified multiple serious vulnerabilities in Dominion’s Democracy Suite and raised broader warnings about insecure practices in vendors across the industry; Congress‑level critics have used such findings to argue the sector underinvests in cybersecurity [4].
6. Caveats, competing narratives and missing evidence
Dominion highlights multiple rounds of voluntary and mandatory lab testing, EAC certification, and hand‑count audits that matched machine counts in jurisdictions like Maricopa County as part of its defense and transparency narrative [8] [9] [6]. Some cybersecurity experts concede theoretical attack paths exist where physical access or EMS compromise is possible, but also stress that paper ballots and procedural controls substantially limit real‑world impact — a competing perspective noted in academic and government analyses [7] [10]. Reporting reviewed here contains no independent technical reports about Clear Ballot systems, so no conclusion can be drawn about which independent cybersecurity firms have reviewed Clear Ballot or what those reports concluded from the provided sources.
7. Bottom line for readers and officials
Across multiple independent and government‑linked reviews, the pattern in the sourced reporting is: technical vulnerabilities have been identified and remediated or mitigated through updates and procedures, government labs and testing labs (MITRE NESL, SLI/NYSTEC and CISA) found no evidence of exploitation in elections, while earlier independent testers flagged serious issues that fuel ongoing scrutiny and calls for stronger, more transparent testing regimes [1] [2] [3] [4] [5]. The available sources do not include independent technical reports on Clear Ballot, and industry practices around disclosure and named testers have at times been opaque, which remains an outstanding transparency concern [4] [8].