Re: vendors vowing to cooperate with disclosure?

From: Alan Dechert <dechert_at_gmail_dot_com>
Date: Sun Apr 22 2007 - 01:43:48 CDT

Nancy,

> Sorry for being such a johnny come lately ....
>
Don't be sorry....

> -but can you please tell me what you believe is
> the intent of CA law for COTS?
>

I think I know the intent ... certainly I know what's intended in AB 852.
In summary, for testing purposes, it's status quo regarding COTS. That is,
any component the voting equipment vendor makes or modifies as part of the
system under consideration needs to be reviewed during federal and/or state
certification. If they incorporate a component they did not make or alter
(i.e., COTS), it is not subject to review. (Keep in mind: this is a general
description of how it is supposed to go. In practice, plenty of vendor-made
or vendor-modified components get by without review... in fact, that's part
of the reason we need AB 852).

We don't plan to change that (what source code etc. needs to be reviewed)
with AB 852. The difference here is that since AB 852 will require public
disclosure of all the technical details, we'll also need to know what all is
in the machine that the vendor incorporated but did not make. In general,
vendors will need to supply more information because more people are going
to be asking questions.... like "what are those switches on the system
board? What position were they in when certified? What position are they
supposed to be in?"

A basic difference between the people's informal certification process
(contemplated in AB 852) and the formal certification processes (state and
"federal") is that the people won't necessarily have a sample of the
equipment to use. So, it makes sense that we should have everything clearly
identified -- i.e., we can't just open up the box and look inside if we're
curious about what graphics processor was used.

Eventually, we'd like to see hardware used whose design is public. I think
this is quite feasible, but will take some investment in terms of money and
years to fully implement. In the meantime, it is reasonable to allow COTS
without having to review or disclose, for example, all the microcode in all
the processors used on a system board.

Alan D.

_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Mon Apr 30 23:17:09 2007