The COTS STG's resolutions that were never edited into the draft of IEEE P-1583
(from the COTS Comments for Draft 5.0 of IEEE P-1583; updated for editing into Draft Version 5.3.2)
<<<------- Comments requiring changes to Section 3 ------->>>
--- Sklein-051, wfw - 001, Dill-7, df1, schneidewind - 002, PPLX-001, and Lipsio-6D
In the definitions section, change (or add to) the definition of “Commercial Off The Shelf” this text: "(subsystems or components; software, electrical, electronic, mechanical, et cetera)."
<<<------- Comments requiring changes to Section 5 ------->>>
--- Lipsio-12
In paragraph 1 of 5.1.1.4, change "COTS products may" to "COTS products shall". Before the sentence beginning "Notwithstanding the fact that system certifiers ..." insert this sentence: "In any instance, such evaluations shall comply with section 4.3.11 ("Previously developed or purchased software") of IEEE Std 1228-1994, "IEEE Standard for Software Safety Plans"."
--- Simons-002
In first paragraph of 5.1.1.4, replace the sentence, "The security countermeasures implemented by an IT system typically use functions of the underlying products and depend upon the correct operation of those products and their security functions."
with
"All such underlying products, the correct operation of which the system relies upon, shall be thoroughly tested and, because of the potential risk of malicious code, their source code reviewed."
--- RGH 007 and Lipsio-16
At the end of section 5.1.1.4, add the words: "COTS software products shall be installed with the latest security patches (available at the time of system design or update; not necessarily to be construed as requiring retroactive installation of patches in tested, released versions of code)"
--- Lipsio-14
In paragraph 3 of section 5.1.1.4, replace the text: "The voting system vendor must provide a method to assess the impact of COTS updates on the voting system"
with
'In accordance with Annex D ("V&V of reusable software") of IEEE Std 1012-1998, "IEEE Standard for Software Verification and Validation", using an updated version of a COTS product shall be treated no differently than any other software update, and full regression testing and validation of the software shall be required.'
--- Alice-001, Sklein-007, Sklein-057, and MercuriD50-064
In section 5.6.1.1, replace the paragraph beginning with "Compliance with the requirements ..."
with:
"Compliance with the requirements of the software standards is assessed by several formal tests, including code examination. Source code shall be provided in human readable form; when code is generated by a tool, the term "source code" shall be construed to refer to the input to that tool. Source code inspection shall not be limited to compliance with the explicit standards specified below in subsequent sections; inspection shall also endeavor to preclude the code containing pathogenic functions. Pathogenic functions include:
*) Back door access, Trojan horses, viruses, etc.
*) Hard-coded passwords
*) Vulnerabilities and other non-deliberate errors
*) Deliberate errors allowing the introduction of malicious code
*) Malicious code of any kind; in COTS components, especially malicious code intended to trigger upon use of the software in voting systems.
All testing shall be performed on target hardware executing code compiled or otherwise made from the inspected source, or verified to be exactly binary identical with code so made."
(and some additions to section 7.12.1)
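As an added example (not part of the P-1583 draft or of the STG's comments), the following Python script shows one way to carry out the "exactly binary identical" check required in the last sentence of the proposed text: hash every file produced by the trusted build of the inspected source into a manifest, then compare the files found on the target device against that manifest, reporting mismatched, missing and unexpected files, and localise a mismatch to the first differing byte. The directory layout, file names and file contents are constructed for the demonstration.

```python
"""Verify that the binaries on a target device are byte-identical to the
binaries built from the inspected source tree.

Added example; not part of IEEE P-1583 or the COTS STG comments. The
directory layout, file names and contents used in demo() are constructed."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file in chunks so large firmware images need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root, '/'-separated) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_target(manifest: dict, target: Path) -> dict:
    """Compare the files on the target against the manifest of the trusted build.

    Returns sorted lists: 'mismatched' (same path, different bytes),
    'missing' (in the build but not on the target) and 'extra'
    (on the target but not produced by the build)."""
    found = build_manifest(target)
    return {
        "mismatched": sorted(p for p in manifest if p in found and found[p] != manifest[p]),
        "missing": sorted(p for p in manifest if p not in found),
        "extra": sorted(p for p in found if p not in manifest),
    }


def first_difference(a: Path, b: Path):
    """Byte-for-byte comparison: offset of the first differing byte, or None if
    the files are identical. A length difference counts as a difference at the
    end of the shorter file."""
    with open(a, "rb") as fa, open(b, "rb") as fb:
        offset = 0
        while True:
            ca, cb = fa.read(1 << 16), fb.read(1 << 16)
            if ca != cb:
                n = min(len(ca), len(cb))
                for i in range(n):
                    if ca[i] != cb[i]:
                        return offset + i
                return offset + n
            if not ca:
                return None
            offset += len(ca)


def demo() -> dict:
    """Construct a trusted build tree and a target tree that differs in one file,
    lacks one file and carries one unexpected file; return the verification report."""
    with tempfile.TemporaryDirectory() as tmp:
        build, target = Path(tmp, "build"), Path(tmp, "target")
        for root in (build, target):
            (root / "bin").mkdir(parents=True)
        # Constructed stand-ins for the binaries produced from the inspected source.
        (build / "bin" / "ballot").write_bytes(b"\x7fELF-ballot-v1")
        (build / "bin" / "tally").write_bytes(b"\x7fELF-tally-v1")
        (build / "bin" / "audit").write_bytes(b"\x7fELF-audit-v1")
        # Constructed contents of the target device.
        (target / "bin" / "ballot").write_bytes(b"\x7fELF-ballot-v1")        # identical
        (target / "bin" / "tally").write_bytes(b"\x7fELF-tally-v1-patched")  # differs
        (target / "bin" / "helper").write_bytes(b"\x7fELF-helper")           # not in build
        report = verify_target(build_manifest(build), target)
        report["tally_first_diff"] = first_difference(build / "bin" / "tally",
                                                      target / "bin" / "tally")
        return report


if __name__ == "__main__":
    print(demo())
```

In practice the manifest would be produced once, on the machine that compiled the inspected source, and carried to the target under the test lab's control; the verifier only needs read access to the target's file system and must itself run from a trusted medium, since a modified target could otherwise alter what the verifier sees.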
--- Lipsio-89
Delete the first sentence of section 5.6.2; begin that section with "This section provides standards for voting systems with regard to:"
--- Lipsio-3E
In section 5.6.2.2, change the second and third sentences to: "Interpreted code is prohibited unless the run-time interpreter and the tool chain used to generate the interpreted code have been validated."
<<<------- Comments requiring changes to Section 7 ------->>>
--- MercuriD50 - 013 (formerly mercuri-034)
At the end of section 7.12.1, add these bullets:
*) Include a procedure to inform equipment owners should there be, declared or discovered, any defect in the voting system's software, hardware, or firmware, for any COTS products used in the development of the system that could compromise its operation as an election device.
*) Include a procedure to inform equipment owners should there be discovered subsequent to the certification of the software, any pathogenic function, as defined in section 5.6.1.1.
*) Include a procedure for when a defect of the sort described in the previous bullet is found, to initiate amending the V&V procedures so as to flag the found defect, and to subsequently perform full regression testing.
*) Include a procedure to provide owners of the product with the required update subsequent to the retesting mandated in the previous bullet.
At the end of section 7.12.4, add these sub-bullets:
*) Description of how an update is to be performed, together with guidelines on how certification may be affected, should there be, declared or discovered, any defect in the voting system's software, hardware, or firmware, or any COTS products used in the development of the system that could compromise its operation as an election device.
*) Notice that should such a defect as described in the previous bullet be found, the owners of the product should be notified and the device should, or at least may, be decertified until the correcting update shall have been applied.