US Election Assistance Commission - Voluntary Voting System Guidelines Vote
EAC Home
Introduction
View Guidelines
View Comments
Glossary

View Comments

Section CommentsGeneral CommentsGlossary Comments
 
Name :   David Dill
Organization :   N/A
Post Date :   9/30/2005

General Comments
Comment :  My final comments are on the certification process. The current process is almost worthless for
security. The process itself has to be made much more stringent. In should be conducted by experts not chosen by the vendors, and those experts should be allowed to do open-ended research on possible attacks (such groups are sometimes called “Tiger teams”). Indeed, the TGDC passed resolution #17-05 calling for such an approach, which unfortunately does not appear in the guidelines.particular, security evaluations  

[Statements submitted at EAC public hearing, July 28, 2005, Pasadena]