All software used by and written for the government should be open source, just like all research paid for with government funds should be open access.
At the very least....all software written by the govt should have the following released:
1) what problem it is trying to solve
2) how it was developed (a git log would probably do)
3) how testing is ensured (code quality)
4) security (if my personal data is hosted by teh govt, I would feel a lot safer to know how it was secured - and BS like "it's encrypted with 256 bit encryption" does not help as does not tell us how it's implemented and policies around it's implementation). And results of the pen tests (along with what was done to improve it must be published)
5) after certain years, it would have to be open sourced (if stuff like National security is an issue, it could be pushed ahead but at one point, it would be considered legacy and retired - which is abandonware - which has to be published)
6) how much was spent on the product (not just govt employee salaries, but how much it cost to host it, test it, etc.)
7) all of the above should be easily accessible.
8) if open sourced, policies on how the public can help/contribute.
It will help guide a lot of policies, bring more accountability and also help push software development.
And the problem always is: how are you going to verify that the terminal you're using is running precisely the version of software you've seen?
There's an awesome online course touching all those topics and then some, from J. Alex Halderman, Associate Professor in University of Michigan. It's called 'Securing Digital Democracy' and is available on Coursera: https://www.coursera.org/learn/digital-democracy
The only software that should matter for election is what email client you use to send the ballot's pdf to the printer, and the online store where you buy the pens.
All data, however, should be in documented, standardized, open formats.
Where it makes sense, software should have APIs using common standards.
Where it's possible without revealing national secrets or personal information, those APIs should be open to the public,