Sabi ni Oscar noong Mon, Oct 12, 2009 at 8:17 PM: > Source code review will never be tolerated.Not as a method for acceptance > testing in Software Engineering. > > Where in the world is that happening when you simply want to know that what > you entered is religously recorded and is not corrupted? > > Only in Pinas, I guess
Eh? http://www.sos.ca.gov/elections/voting_systems/ttbr/diebold-source-public-jul29.pdf <excerpt> This report is a security analysis of the Diebold voting system, which consists primarily of the AccuVote-TSX (AV-TSX) DRE, the AccuVote-OS (AV-OS) optical scanner, and the GEMS election management system. It is based on a study of the system’s source code that we conducted at the request of the California Secretary of State as part of a “top-to-bottom” review of California voting systems. </excerpt> and http://cseweb.ucsd.edu/~hovav/papers/ttbr-hart.html <excerpt> This report considers security issues in Hart InterCivic’s voting suite, version 6.2.1. This report was prepared at the request of the California Secretary of State, as part of a “top-to-bottom” review of the state’s electronic voting systems. This document is the final report of the team that examined the Hart voting system source code. Hart’s system consists of back-office election management components (SERVO, Rally, Tally, eCM Manager, BOSS, Ballot Now) which are used to configure and collect data from precinct devices (eScan, eSlate, Judge’s Booth Controller). The election management software runs on ordinary Windows machines whereas the precinct devices are embedded programs running on specialized hardware. </excerpt> and http://www.elections.state.ny.us/NYSBOE/hava/RFI/SBOERequest6209-2gRev6.pdf <excerpt> If Section 6209.2 means “any delivered software prior to compilation” must be “production” level code, then “conditionally compiled”, “unused”, or “test-only” code can not be delivered as part of the submitted voting systems software. The focus would be to review the source code to validate that all “conditionally compiled”, “unused” and “test-only” code is not present in the production level code, and the compiler switch review would confirm that all code provided is compiled and used in the Trusted Build for the voting system. </excerpt> -- Daniel O. Escasa independent IT consultant and writer contributor, Free Software Magazine (http://www.freesoftwaremagazine.com) personal blog at http://descasa.i.ph Twitter page at http://www.twitter.com/silverlokk If we choose being kind over being right, we will be right every time. _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
