This legislation, known as the SECURE IT Act, amends the Help America Vote Act of 2002 to significantly bolster the cybersecurity of election systems. It mandates that the Election Assistance Commission (EAC) incorporate penetration testing as a required component of the testing, certification, decertification, and recertification processes for all voting system hardware and software. The Director of the National Institute of Standards and Technology (NIST) will recommend entities for accreditation to conduct these specialized penetration tests. Furthermore, the bill establishes a 5-year Independent Security Testing and Coordinated Vulnerability Disclosure Pilot Program for Election Systems (VDP-E) , to be overseen by the EAC in consultation with the Secretary of Homeland Security. This program's primary goal is to proactively identify and disclose cybersecurity vulnerabilities within election systems, including voting machines and their source code. It facilitates this by allowing vetted cybersecurity researchers to test election systems made available by vendors. The VDP-E includes several critical requirements, such as establishing clear terms of participation that obligate researchers to notify vendors, the EAC, and the Secretary of any discovered vulnerabilities, maintaining confidentiality for 180 days. Vendors are then required to provide a patch or other fix for critical or high vulnerabilities to appropriate election officials, with the EAC providing expedited review for certified systems. The program also grants a safe harbor to participating researchers, protecting them from certain legal actions for authorized testing, and ensures that discovered vulnerabilities are exempt from Freedom of Information Act disclosure.