US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Ron Crane
Organization :   N/A
Post Date :   9/30/2005

General Comments
Comment :  Similarly, the Guidelines do not discuss the threats, such as malware loaders, posed by firmware and hardware (see item 9, below).

Finally, the Guidelines do not help elections officials to understand security issues or to handle them effectively, nor do they require vendors to assist officials in doing so. Yet most elections officials have little, if any, background in computer security. As a rule, officials must
depend entirely upon vendors to identify and to head off threats.

The Guidelines should require vendors

(a) to inform elections officials of all relevant threats in a manner an ordinary official can understand; and

(b) to describe the procedures officials and others must take to counter those threats.