Re: GUI, hold the widgets

From: Douglas W. Jones <jones_at_cs_dot_uiowa_dot_edu>
Date: Wed May 05 2004 - 20:36:29 CDT

On May 5, 2004, at 5:12 PM, charlie strauss wrote:

> In a related vein, I've seen it noted elsewhere that DLLs and font
> description packages are considered COTS items for source code
> inspection purposes. In other words you could change a DLL that a
> voting program uses and not have to have the program re-certified.

Fonts that are purely passive things, like bitmaps, are quite safe to
put in this category, but there are font description mechanisms in use
today that contain code (typically interpreted, but potentially quite
dangerous unless you know a lot about the interpreter).

Allowing uncritical inclusion of Dynamically Linked Libraries is
insane! A DLL should only be treated as COTS if it is indeed a COTS
DLL. Freeware DLLs from Joe Hacker aren't safe, and the presence
of any DLLs must be documented. All COTS components must be disclosed
to the ITA and the states ought to require disclosure of COTS
In Iowa, for example, we demand that the vendors disclose version
for all components, and we demand that they inform us if they change
any component, letting us make the decision about whether this requires
recertification. To allow the vendor to swap out one COTS component
in favor of another without at least informing the customer and asking
whether this requires recertification is insane. (It is, however, what
the vendors want. In one case, ES&S installed a complete uncertified
absentee ballot processing system in one county without asking.)

                Doug Jones
