We looked at the problem of voting system security specifically in the context of insider threat for last year's IATAC State of the Art Report on the Insider Threat to Information Systems - some of which involved "rogue" developers engineering backdoors into such systems. Unfortunately the document is limited distribution and FOUO, so I can't excerpt here. But if you're interested and a government employee or contractor, let me know and I'll get you instructions on how to register with DTIC to obtain a copy.
Karen Mercedes Goertzel, CISSP
Associate
703.698.7454
goertzel_ka...@bah.com

________________________________________
From: sc-l-boun...@securecoding.org [sc-l-boun...@securecoding.org] On Behalf Of Jeremy Epstein [jeremy.j.epst...@gmail.com]
Sent: Thursday, August 20, 2009 5:39 PM
To: Arian J. Evans
Cc: Secure Coding List
Subject: Re: [SC-L] embedded systems security analysis

I spent a fair bit of time doing stuff relating to voting systems, which all have embedded systems. (I am not one of the experts who pulls them apart, lest anyone think I'm claiming credit for them.) They are supposedly closed systems, but every time someone competent has tried to attack them, they've been successful - even if there are no published APIs or documents, all of them have attack surfaces. It...

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________