Information Security News mailing list archives
Re: Firm invites experts to punch holes in ballot software
From: InfoSec News <isn () c4i org>
Date: Thu, 8 Apr 2004 09:06:13 -0500 (CDT)
Forwarded from: Kurt Seifried <listuser () seifried org>

How do we know that this is the software that they compile and ship? We don't. Source disclosure is useless in this situation unless the build process is somehow audited, or they ship source and whatever else I need to build identical binaries to theirs, which I can then compare and go "yes, these binaries are identical, ergo it's probable that the sources we used are identical, ergo the source I audited and found to be correct is probably what was used to build the production binaries".

I'm sorry but I see no reason to trust these companies implicitly, I think they should be held to an extremely high standard of "guilty until proven innocent". They have the ability to change the laws and governments we live within. Any other object with this capability (judges, politicians/etc) is generally made to go through a rigorous process and/or when they make/change laws there are multiple checks and balances (appeal courts, congress, the president's veto, the queen's veto, etc.). With voting machines there appear to be no checks and balances.

Kurt Seifried, kurt () seifried org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
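
An added example, not part of the original post: one way to carry out the comparison described above, checking a vendor-shipped build tree against one rebuilt from the disclosed source, file by file. The directory layout, file names and function names are assumptions made for illustration, and the sample trees are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_builds(vendor_dir, rebuilt_dir):
    """Report every way the vendor's tree differs from the rebuilt one."""
    vendor, rebuilt = manifest(vendor_dir), manifest(rebuilt_dir)
    shared = vendor.keys() & rebuilt.keys()
    return {
        "mismatched": sorted(p for p in shared if vendor[p] != rebuilt[p]),
        "only_vendor": sorted(vendor.keys() - rebuilt.keys()),
        "only_rebuilt": sorted(rebuilt.keys() - vendor.keys()),
    }


def is_identical(report):
    """True only when no file differs and neither tree has extras."""
    return not any(report.values())


def demo():
    """Constructed sample: two tiny trees standing in for real build output."""
    with tempfile.TemporaryDirectory() as tmp:
        vendor, rebuilt = Path(tmp, "vendor"), Path(tmp, "rebuilt")
        for d in (vendor, rebuilt):
            (d / "bin").mkdir(parents=True)
            (d / "bin" / "tally").write_bytes(b"constructed tally binary")
            (d / "bin" / "ballot").write_bytes(b"constructed ballot binary")
        # The shipped copy differs by one byte and carries an extra file.
        (vendor / "bin" / "ballot").write_bytes(b"constructed ballot binarY")
        (vendor / "bin" / "update").write_bytes(b"not in the source tree")
        return compare_builds(vendor, rebuilt)


if __name__ == "__main__":
    print(demo())
```

A clean report is only meaningful if the build is deterministic (same toolchain, no embedded timestamps or build paths); otherwise honest builds will also mismatch. It also says nothing about whether the compared binaries are the ones actually installed on the machines.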