US Election Assistance Commission - Voluntary Voting System Guidelines Vote

View Comments

Name :   Ron Crane
Organization :   N/A
Post Date :   9/30/2005

Section Comments
Section :  4.1.1
Page no. :  
Line no.:  
Comment :  7a. The Guidelines contain significant loopholes surrounding code review, mostly in that they do not acknowledge the possibility of unscrupulous vendors (or of rogue employees of vendors), and do little to protect against their potential depredations:

a. Vol. I, §4.1.1 begins, "Compliance with the software requirements is assessed by several formal tests, including code examination," but then immediately follows it with the curious sentence, "Unmodified software is not subject to code examination."

This appears to mean that a vendor need not submit COTS software for inspection if it pledges not to modify it. Such a rule would allow an unscrupulous vendor to cheat to any desired extent, since anything that runs in or affects the voting application's environment, such as a language support library, operating system component, piece of firmware, or even a piece of hardware, can alter the voting application's operation.