| Name | Organization | Post Date | Section | Page no. | Line no. |
| --- | --- | --- | --- | --- | --- |
| Ron Crane | N/A | 9/30/2005 | .20.1.7.2.2 | | |

Comment: 10b.
b. Vol. II, §1.7.2.2 ("Basis for Limited Testing Determinations") would make it easier for unscrupulous vendors to include cheats by allowing for "limited testing" when "the vendor
demonstrates that the change does not affect demonstrated compliance with these Guidelines." The section makes it clear that this exemption is
intended to facilitate the correction of defects, the incorporation of
improvements, the enhancement of portability and flexibility, and the
integration of vote-counting software with other systems and election
software.
In other words, this exemption is meant to be used in the ordinary course of business.
Allowing this loophole also allows unscrupulous vendors to introduce malware under the guise of "incorporat[ing]...improvements," etc. While vendors' QA departments properly
may use "limited testing" to avoid retesting portions of a system unlikely to be affected by
a change to other portions, it has no place in the test labs' procedures.
Under the Guidelines, the test labs are essentially the sole enforcers of system security, and their procedures must not permit unscrupulous vendors to insert malware while waiving full
testing because "It's just a minor bug-fix."