[E-voting] Terms of Reference ("TOR")
mail2 at sysmod.com
Sun Mar 14 17:57:17 GMT 2004
At 15:35 13/03/2004, Dr J Pelan wrote:
>could be end-to-end
>tested with some form of VVAT which is removed for the election proper.
Think of it this way:
In the test, some data was run through the hardware and software. In order
to know whether the result was correct, the input had to be known,
otherwise it could not have been checked. If the point is accepted that the
result could not be known to be right during runs with test data without
access to that data, equally the result can not be known to be right for
any run with any data.
Why stop auditing at the nth test? If you are happy to accept the first
test result as right, why do more? The argument is that another set of test
data might throw up a different combination or result. If that is accepted,
then why stop at (say) the 6th set of data? Why not have the same wish to
check the 7th set which happens to be real data?
On a technical point, do we know if they used any coverage tools to prove
that every path through the code was in fact executed?
Patrick O'Beirne, Systems Modelling Ltd.
Gorey, Co. Wexford, Ireland. +353 55 22294
www.sysmod.com I.S. management consulting
More information about the E-voting