US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   Ron Crane
Organization :   N/A
Post Date :   9/30/2005

Section Comments
Section :  .20.1.3.1
Page no. :  
Line no.:  
Comment :  9c.

c. Vol. II, §1.3.1 does not properly account for the security implications of changes in hardware, saying, for example, that Not all systems being tested are required to complete all categories of testing. For example, if a previously certified system has had hardware modifications, the system may be subject only to non-operating
environmental stress testing of the modified component, and a partial
system-level test...

Since an unscrupulous vendor could use new hardware to introduce a malware loader, this approach to short-circuiting testing imperils security.