US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Carol Coggins
Organization :   Systest
Post Date :   9/30/2005

General Comments
Comment :  Items missing:

In meetings of the NASED Technical Committee we discussed issuance of a clarification bulletin that addressed some of the issues encountered in the interpretation of the code review standards, specifically the application of the term module in various requirements and the broader security requirements in the VSS that permit the labs to interpret some coding practices as insecure. The problem is these practices are not explicitly identified and that leads to inconsistent application. An example is the hard coded password.

[Statements submitted at EAC public hearing, June 30, 2005, New York]