|

 
|
| | Name : | Alfie Charles | Organization : | Sequoia Voting Systems | Post Date : | 9/30/2005 |
| Section : | .20.5.4.2 | Page no. : | | Line no.: | | Comment : | Volume II Section 5.4.2
As referenced in our comments related to Volume I Section 4.2.3 through 4.2.7, it would be wise to adopt the guidance of the TGDC/NIST regarding coding conventions.
That original guidance was included in the April draft from NIST, which stated in part that these out-of date conventions ¡§could do more harm than good¡¨ (see excerpt below).
4.2.1.4 Coding conventions and code reviews
Volume 1, Section 4.2 and Volume 2, Section 5.4 of the 2002 Voting Systems Standards define coding conventions and a source code review to be conducted by ITAs. Vendors are permitted to use current best practices in lieu of the coding conventions defined in the VSS; however, the coding conventions in the VSS are out of date, and if followed, could do more harm than good.
The coding conventions are a means to the end of facilitating ITA evaluation of the code¡¦s correctness to some level of assurance beyond that provided by black-box testing. That evaluation is underspecified in the 2002 VSS, yielding a cart-before-horse situation in which adherence to the coding conventions could be verified much more rigorously than the correctness of the software.
In Resolution #29-05, the TGDC requested that NIST:
ƒ{ Recommend standards to be used in evaluating the correctness of voting system logic, including but not limited to software implementations, and
ƒ{ Evaluate the 2002 VSS software coding standards with respect to their applicability to the recommended standards, and either revise them, delete them, or recommend new software coding standards, as appropriate.
| |
|
|