Re: Re: Quick Re: to Dick Johnson's Re: COTS scope

> My best understanding (and I may be wrong) is that Diebold software runs 
> on Windows 2000 and that its GEMS software uses Access.  I intended the
> "DRE" reference to be generic and to include the voting system and not 

Fair enough; however, 1583 does not in any way apply to the GEMS or to
anything else that is not at the polling place; therefore, it is simply
irrelevant to the COTS scope we are discussing.

> Inspection of Windows CE would indeed be a major chore.  But without

Which is why it is not used in any mission critical system to the best
of my knowledge.  There are commercial RTOSes that are used in such systems,
and their source code has been reviewed so that they could be used in those
systems, and I see RTOSes advertise that they are certified for use in
certain types of systems, but to the best of my knowledge, no Microsoft
OS has ever been certified for any mission critical use.

> inspection, how can we have any assurance that there aren't deliberate
> backdoors in the OS, for example?

Even in systems where malicious backdoors are not a concern, standards
for critical systems require all source code to be reviewed.

> If one of the requirements of the P1583 standard is to accommodate
> existing DRE designs, however flawed, we should say so explicitly in
> the document.

As with price considerations, as I argued earlier this year:  If the
purpose is to cap development costs, and that concern may preempt the
purposes stated in the scope of 1583, then that, too, should be added to
the scope.

Other industries are required to treat COTS as we are proposing and,
unless we are indeed trying to accommodate existing flawed designs,
we should also; else, we should say so, as Dave wrote, explicitly in
the document.