Re: Is Open Source Enough?

From: Richard C. Johnson <dick_at_iwwco_dot_com>
Date: Fri Sep 07 2007 - 10:16:28 CDT

Arthur,

The OVS solution is not code complete. A core portion of the code OVS uses is available for inspection at SourceForge: http://emlvoting.org and more will be posted as OVS people finish current integration tasks. Those interested in specific code sections or in helping with the code may email David Webber of OVS at dwebber@openvotingsolutions.com, as may those willing to provide feedback on OVS coding efforts in progress.

OVS has not received public or private grant funds, has had very little private investment, and yet has gotten within striking range of an Open Source voting system based on OASIS EML. OVS is still in the Little Red Hen phase, asking who will help bake the bread. So far, a total of 11 people have made voluntary contributions of effort and expertise, with several more to come. OVS is doing better than the Red Hen and OVS will put all of the resulting bread out under GPL once it is baked rather than eating it ourselves. OVS is very grateful to its code contributors as well as to the Open Source community making all this possible.

Threat analysis is quite valuable and of course should be applied to OVS or any potential voting system. OVS includes a provision recommending threat analysis in all of its proposals.

As for Open Test, it is clear that the current certification and the proposed changes in Congress still fail to open up the certification process. If not Holt, then some other congressperson needs to be induced to sponsor the appropriate legislation.

-- Dick

Arthur Keller <voting@kellers.org> wrote:
At 11:05 PM -0700 9/4/07, Brian Behlendorf wrote:
>On Mon, 3 Sep 2007, Arthur Keller wrote:
>> 4. If we are to go through the trouble of replacing old electronic
>> voting systems with new electronic voting systems run on open source,
>> unless the new systems are designed to be secure based on a threat
>> analysis model, the new systems may still have security
>> vulnerabilities.
>
>This isn't stated strongly enough. I don't know who said it first, but it's
>been said that for any given software package, the last defect is fixed when
>the last user is deceased. There is no provably secure software out there,
>only software whose security defects have not yet been found. Even the most
>security-minded open source projects, like OpenBSD and OpenSSH, occasionally
>have security defects and issue patches, and often vulnerabilities are known
>about and shared amongst black-hat groups before they're publicly known and
>corrected. We should take it *as a given* that all software has defects, that
>any system might be compromisable. That's back to my reasoning that it's the
>process, not the software, that should create trust in the system.

So should we be considering threat models and alternative
architectures? Should we be doing threat analysis on Open Voting
Solutions' software? Or is the fact that Open Voting Solutions'
software is open source enough to give us confidence that it is a
secure and reliable system merely awaiting a (known-to-be-flawed)
certification process?

My own suggestion is to proceed with certification of OVS' system
while we develop threat models and new architectures that vendors
(particularly OVS) can adopt. Adoption of OVS would be a good thing
but the job of ensuring security and reliability would not yet be
done at that point. For example, has anyone on this list who does
not work for OVS actually reviewed the OVS code? I'd like to hear on
this list from someone who has, because it says something about the
viability of the public review of software model. (Of course, the
fact that the software is not certified and that no one is using
systems from this undercapitalized vendor would tend to reduce the
number of code lookers, compared with the number that voluntarily
inspected the inadvertently released Diebold software.)

Some on this list have advocated open test environments. How do we get there?

Thanks.

Best regards,
Arthur

-- 
-------------------------------------------------------------------------------
Arthur M. Keller, Ph.D., 3881 Corina Way, Palo Alto, CA  94303-4507
tel +1(650)424-0202, fax +1(650)424-0424
_______________________________________________
OVC-discuss mailing list
OVC-discuss@listman.sonic.net
http://lists.sonic.net/mailman/listinfo/ovc-discuss
By sending email to the OVC-discuss  list, you thereby agree to release the content of your posts to the Public Domain--with the exception of copyrighted material quoted according to fair use, including publicly archiving at  http://gnosis.python-hosting.com/voting-project/

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sun Sep 30 23:17:07 2007
