[E-voting] BREAKING NEWS: Massive decertification of California electronic voting machines

Justin Mason jm at jmason.org
Sat Aug 4 11:34:42 IST 2007


quoting Jerry Berkman:
> It is very long; I quit after the main text and
> skipped the Appendices. I thought I'd summarize
> some of the findings. Many are unbelievable.
> Sequoia must have been isolated from good
> programming practices and modern security
> practices for 10 years.

In passing: this _is_ how it goes in most commercial software development,
in my experience.  "Good programming practices", esp where security is
concerned, tend to fall by the wayside when deadlines come into force, in
favour of "the simplest thing that'll work".  It's too easy to take
shortcuts on security when faced with a time limit.

I agree, the results of these reviews are staggeringly bad.  Good work by
the reviewers performing to this extent, given the lack of cooperation and
extremely tight timescales they were required to act under; of course,
these reviewers include some of the brightest luminaries of the computer
security world, so no surprise really ;)

--j.


