[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: COTS scope

Rebecca and I sifted through 45 comments formally submitted against a draft of 
1583, and we spent many weeks arriving at resolutions that satisfied most of the 
parties that volunteered to be part of the COTS STG.

Then, we had to make numerous requests to get most of those resolutions edited 
into the document; some still are not part of the document.

Now, someone who is not a member of the committee proposes undoing much of that 
work, and I have already written a reply to the STG (and, therefore, to you) 
explaining why much of what he has written would not be acceptable.

And, as I understand your comment below, by virtue of the fact you support his 
approach, he is invited to finish his work while what Rebecca and I did will be 
in large part discarded.

Is my understanding correct, or am I missing something?

Vince Lipsio

| From: "Deutsch, Herb" <hdeutsch@essvote.com>
| To: "'s.morganstein@populex.com'" <s.morganstein@populex.com>
| Cc: Robert Oliver <r.oliver@populex.com>, David Patterson 
<d.patterson@populex.com>, Rebecca Mercuri <mercuri@acm.org>, "Vincent J. Lipsio" 
<Vince@lipsio.com>, Doug Fletcher <dfletcher@pivotint.com>
| Subject: RE: COTS scope
| Date: Sun, 21 Nov 2004 20:47:59 -0600
| I support this approach. Do you want to take a crack at the modifications to
|,, and to make it consistent with the additions to
| the scope?
| -----Original Message-----
| From: Sanford Morganstein [mailto:s.morganstein@populex.com]
| Sent: Saturday, November 20, 2004 10:21 PM
| To: Herb Deutsch; Rebecca Mercuri; Vincent J. Lipsio; Doug Fletcher
| Cc: Robert Oliver; David Patterson
| Subject: COTS scope
| Rebecca, Vincent:
| As you know, I took the action item to scope cases in which COTS software is
| subject to code review and subject to federal coding standards.
| I think this draft meets the areas that both of your were concerned about.
| Rebecca mentions the case of the printer driver that prints a 5 instead of
| an 8.  Vince talked about having the ITA certify (qualify) that the COTS
| device as a black box produces the proper outputs from a test set of inputs.
| I think that what is suggested here accomplishes the goals without requiring
| code review or inordinately expensive systems.  The burden is put on the
| vendor to develop the test that satisfies the ITA that the COTS device does
| not improperly affect elections.
| Perhaps most importantly, it does so in a way that is better than code
| review.  Code review of COTS software cannot ensure that the COTS
| firmware/software is failsafe.  I'm traveling but can be reached by cell
| phone (847/426-1010) if we need to make changes.  I'm also copying Herb
| Deutsch on this to ensure that this is not just one vendor's view of how to
| make a system compliant while giving the system designer latitude in
| employing COTS components.
| Doug:  I am sending a copy to you because I don't know if I should have
| posted this on the IEEE website or I should simply have sent it to Rebecca
| and Vince.  If it should be posted, please do so.
| Best Thanksgiving Holiday regards to all.
| Sandy

The contents of this email are my personal opinion
and do not necessarily reflect the official position
of Lipsio Enterprises, a Corporation.