[E-voting] BREAKING NEWS: Massive decertification of California electronic voting machines
Justin Mason
jm at jmason.org
Sat Aug 4 11:34:42 IST 2007
quoting Jerry Berkman:
> It is very long; I quit after the main text and
> skipped the Appendices. I thought I'd summarize
> some of the findings. Many are unbelievable.
> Sequoia must have been isolated from good
> programming practices and modern security
> practices for 10 years.
In passing: this _is_ how it goes in most commercial software development,
in my experience. "Good programming practices", esp where security is
concerned, tend to fall by the wayside when deadlines come into force, in
favour of "the simplest thing that'll work". It's too easy to take
shortcuts on security when faced with a time limit.

I agree, the results of these reviews are staggeringly bad. Good work by
the reviewers performing to this extent, given the lack of cooperation and
extremely tight timescales they were required to act under; of course,
these reviewers include some of the brightest luminaries of the computer
security world, so no surprise really ;)
--j.