|
Edited on Fri Dec-02-05 11:07 AM by helderheid
Please note the following forwarded message - There is NO WAY a source code audit of Diebold's machines was conducted within a 24 hour period, as claimed by the North Carolina SBOE. Someone was probably paid off to make this claim. A true source code audit of such a magnitude would require multiple programmer inspectors or very high caliber working continuously for at least a week, probably two. You cannot audit code without running it - or simulating the operations encoded in the multiple linked programs, branches, and subroutines. Another sad sham in the obvious, corrupt collusion of Republican voting machine manufacturers and the network of unelected pseudo-bureaucracies at the state levels throughout the country. The audacity is truly dizzying. Peter Jones Begin forwarded message: From: Jim Warren Date: December 1, 2005 4:36:08 PM EST To: Dave Farber , Declan McCullagh Subject: review of elections-computers' source-code completed in 24 hours! Sheesh! Hope EVERY computer-literate citizen of North Carolina learns about this -- and screams bloody-hell to their legislators. What a amazing SHAM! --jim From: Justin Moore Organization: Duke University Department of Computer Science Date: Thu, 01 Dec 2005 13:31:05 -0500 Subject: Diebold back in NC It seems that Diebold didn't cut and run from North Carolina after all. Less than 24 hours after Diebold finally placed all of their source code into escrow -- OS and all, they claim -- the State Board claims that their source code audit confirms that Diebold system meets necessary security and reliability standards. The portion of relevant state law is === c) Prior to certifying a voting system, the State Board of Elections shall review, or designate an independent expert to review, all source code made available by the vendor pursuant to this section and certify only those voting systems compliant with State and federal law. At a minimum, the State Board's review shall include a review of security, application vulnerability, application code, wireless security, security policy and processes, security/privacy program management, technology infrastructure and security controls, security organization and governance, and operational effectiveness, as applicable to that voting system. === By certifying Diebold's system, the SBOE claims (implicitly) that they have conducted this review within the last 24 hours on all code placed in escrow. Perhaps the NC SBOE could publish their audit methods in the next top- tier software engineering conference. This is the most amazing code audit -- in terms of speed, breadth, and depth -- that I have ever seen. -jdm --
|