US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Alfie Charles
Organization :   Sequoia Voting Systems
Post Date :   9/30/2005

Section Comments
Section :  .20.5.4.2
Page no. :  
Line no.:  
Comment :  Volume II Section 5.4.2

As referenced in our comments related to Volume I Section 4.2.3 through 4.2.7, it would be wise to adopt the guidance of the TGDC/NIST regarding coding conventions.

That original guidance was included in the April draft from NIST, which stated in part that these out-of date conventions ¡§could do more harm than good¡¨ (see excerpt below).

4.2.1.4 Coding conventions and code reviews
Volume 1, Section 4.2 and Volume 2, Section 5.4 of the 2002 Voting Systems Standards define coding conventions and a source code review to be conducted by ITAs.  Vendors are permitted to use current best practices in lieu of the coding conventions defined in the VSS; however, the coding conventions in the VSS are out of date, and if followed, could do more harm than good.

The coding conventions are a means to the end of facilitating ITA evaluation of the code¡¦s correctness to some level of assurance beyond that provided by black-box testing.  That evaluation is underspecified in the 2002 VSS, yielding a cart-before-horse situation in which adherence to the coding conventions could be verified much more rigorously than the correctness of the software.

In Resolution #29-05, the TGDC requested that NIST:
ƒ{ Recommend standards to be used in evaluating the correctness of voting system logic, including but not limited to software implementations, and
ƒ{ Evaluate the 2002 VSS software coding standards with respect to their applicability to the recommended standards, and either revise them, delete them, or recommend new software coding standards, as appropriate.