|

 
|
| | Name : | Alfie Charles | Organization : | Sequoia Voting Systems | Post Date : | 9/30/2005 |
| Section : | 4.2.3 | Page no. : | 4-44 | Line no.: | | Comment : | Page 4-4 Section 4.2.3 through 4.2.7
It is disappointing that the VVSG did not incorporate the guidance from the TGDC regarding coding conventions.
In Volume II, Section 4.2.1.4 of the April work product from NIST, the TGDC/NIST offered warnings about the problems with out of date conventions which ¡§could do more harm than good¡¨ (see excerpt below).
4.2.1.4 Coding conventions and code reviews
Volume 1, Section 4.2 and Volume 2, Section 5.4 of the 2002 Voting Systems Standards define coding conventions and a source code review to be conducted by ITAs. Vendors are permitted to use current best practices in lieu of the coding conventions defined in the VSS; however, the coding conventions in the VSS are out of date, and if followed, could do more harm than good.
The coding conventions are a means to the end of facilitating ITA evaluation of the code¡¦s correctness to some level of assurance beyond that provided by black-box testing. That evaluation is underspecified in the 2002 VSS, yielding a cart-before-horse situation in which adherence to the coding conventions could be verified much more rigorously than the correctness of the software.
In Resolution #29-05, the TGDC requested that NIST:
ƒ{ Recommend standards to be used in evaluating the correctness of voting system logic, including but not limited to software implementations, and
ƒ{ Evaluate the 2002 VSS software coding standards with respect to their applicability to the recommended standards, and either revise them, delete them, or recommend new software coding standards, as appropriate.
| |
|
|