Name: Ron Crane
Organization: N/A
Post Date: 9/30/2005
Section: 4.1.1
Page no.:
Line no.:

Comment:

7a. The Guidelines contain significant loopholes surrounding code review, mostly in that they do not acknowledge the possibility of unscrupulous vendors (or of rogue employees of vendors), and do little to protect against their potential depredations:

a. Vol. I, §4.1.1 begins, "Compliance with the software requirements is assessed by several formal tests, including code examination," but then immediately follows it with the curious sentence, "Unmodified software is not subject to code examination." This appears to mean that a vendor need not submit COTS software for inspection if it pledges not to modify it. Such a rule would allow an unscrupulous vendor to cheat to any desired extent, since anything that runs in or affects the voting application's environment, such as a language support library, operating system component, piece of firmware, or even a piece of hardware, can alter the voting application's operation.