|

 
|
| | Name : | Ian S. Piper | Organization : | Diebold Election Systems, Inc. | Post Date : | 9/29/2005 |
| Section : | 6.4.4.9 | Page no. : | 12 | Line no.: | 21 | Comment : | In regards to the requirement, "The testing authority shall retain a copy, send a copy to the vendor, and send a copy to the NIST National Software Reference Library (NSRL)1 and/or to any other repository named by the Election Assistance Commission." there needs to be a statement that these copies are to be used for the express purpose of archiving the files and using them for verifying the integrity of the software. These repositories must not be distributing a vendor's software without the written permission of the vendor and these repositories would not be licensed to use the product without the written permission of the vendor. The software on these copies of the build information is the property of the vendor. We support the use of the NSRL for verifying the integrity of software delivered to customers but there must be consideration in that distribution process to protecting the vendor's property. Language needs to be added to this requirement to that effect.
Proposed change: Add to the end of the requirement, "The copies retained by the testing authority, the NSRL and any other EAC accredited repository shall be used for the express purpose of archiving the software files and using them for verifying the integrity of the software. The testing authority, the NSRL and any other EAC accredited repository shall not distribute the software or have license to use the software without the express written permission of the vendor." | |
|
|