
RE: Definition of COTS



I believe any of the three proposals are acceptable solutions to the
objections raised in comments, with #3 preferred.
Bob

-----Original Message-----
From: Vincent J. Lipsio [mailto:Vince@lipsio.com]
Sent: Wednesday, January 21, 2004 1:49 PM
To: COTS Special Task Group, P1583; Security Task Group, P1583
Subject: RE: Definition of COTS


In the email to which I'm belatedly replying (appended below), Stephen
Berger asks, "do we (particularly the STG group) agree with that
definition?", where "that definition" is:

> Commercial Off-the-Shelf (COTS): Commercial, readily-available hardware
> devices (such as card readers, printers, or personal computers) or
> software products (such as operating systems, programming language
> compilers, or database management systems).  These devices and software
> are exempted from certain portions of the qualification testing process
> so long as such products are not modified in any manner for use in the
> voting system.

Three comments by three individuals (including myself) objected to the
second sentence because it is out of scope in a definition.  Also,
other definitions in our standard do not include examples.

Therefore, I propose three possible solutions:

1)  Eliminate the definition altogether because COTS appears in the
    subsequent section, 3.1, "Abbreviations and Acronyms".
2)  Change the definition as follows:  "Commercial Off-the-Shelf
    systems, subsystems, or components of any type, including
    mechanical, electronic, and software."
3)  A hybrid of the above: Eliminate the definition and add in
    "Abbreviations and Acronyms" the text: "(subsystems or components;
    software, electronic, mechanical, et cetera)"

Comments welcome,
Vince Lipsio

--------------------------------------------------------------------------------
The following was written by Stephen Berger on Sun, 16 Nov 2003:

I had some fascinating discussion last week with Bob Mandeville at the IEEE
802 meetings.  Bob and I along with several others were proposing a new
standard within IEEE 802.  Bob's presentation, which I am attaching,
discussed the approach to developing standards commonly used in the IETF.
The key to much of that approach is to start by clearly defining terms.  His
statement was that this was typically the hardest part.

I think the comments below make it clear that this is where the COTS STG
needs to start.  To help get the ball rolling let me provide one of Bob's
slides here:

Terminology Definition Template:
--Term to be defined. (e.g., Latency)
--Definition: The specific definition for the term.
--Discussion: A brief discussion about the term, its application and any
restrictions on measurement procedures.
--Measurement units: The units used to report measurements of this term, if
applicable.
--Issues: List of issues or conditions that affect this term.
--See Also: List of other terms that are relevant to the discussion of this
term.

Methodology Definition Template:
--Objectives
--Setup parameters
--Procedures
--Measurements
--Reporting formats

So applying this to COTS, we start with the definition in the current draft,
which I think is currently unchanged from the 2002 FEC standard:

Commercial Off-the-Shelf (COTS): Commercial, readily-available hardware
devices (such as card readers, printers, or personal computers) or software
products (such as operating systems, programming language compilers, or
database management systems).  These devices and software are exempted from
certain portions of the qualification testing process so long as such
products are not modified in any manner for use in the voting system.

First question, do we (particularly the STG group) agree with that
definition?  Everyone seems to agree that modified products are not COTS.
So is the limitation at the end of the definition sufficient?

In Bob's method he recommends having a discussion of the application and any
restrictions on measurement procedure.  The STG needs to come up with some
discussion of those boundaries in this context.  I think we all agree that
some of the environmental testing can be set aside where it is clear that
hardware already meets comparable specifications and has been tested for
other purposes, such as the CE Mark requirements.  I think from our Austin
discussion we all agree that even things we all agree are COTS don't get a
waiver on all testing.  What we need is a draft of the language setting those
boundaries and suggestions for where that discussion should be included in
the document.

Hope the above is helpful to the COTS STG.  I at least found it of interest.

Best Regards,

Stephen Berger