US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Matt Bishop
Organization :   University of California Davis
Post Date :   9/30/2005

Section Comments
Section :  20.1.5
Page no. :  
Line no.:  
Comment :  Using the above procedure [suggested in the Threat Modeling section of the author's document attached to a previous comment] — providing this partial tree, requiring modeling,
requiring annotations, inspection of all these by the ITA— would force the vendor to create countermeasures
for a host of threats.

Using the current procedure, attack paths that are relevant to systems unimagined by the standards, and thus not explicitly mentioned, are never inspected by the ITA.