embedded systems security analysis

[goertzel_karen at bah.com (Goertzel, Karen [USA])]

We looked at the problem of voting system security specifically in the context of insider threat for last year's IATAC 
State of the Art Report on the Insider Threat to Information Systems - some of which involved "rogue" developers 
engineering backdoors into such systems. Unfortunately the document is limited distribution and FOUO, so I can't 
excerpt here. But if you're interested and a government employee or contractor, let me know and I'll get you 
instructions on how to register with DTIC to obtain a copy.

Karen Mercedes Goertzel, CISSP
Associate
703.698.7454
goertzel_karen at bah.com
________________________________________
From: sc-l-bounces at securecoding.org [sc-l-bounces at securecoding.org] On Behalf Of Jeremy Epstein [jeremy.j.epstein 
at gmail.com]
Sent: Thursday, August 20, 2009 5:39 PM
To: Arian J. Evans
Cc: Secure Coding List
Subject: Re: [SC-L] embedded systems security analysis

I spent a fair bit of time doing stuff relating to voting systems,
which all have embedded systems.  (I am not one of the experts who
pulls them apart, lest anyone think I'm claiming credit for them.)
They are supposedly closed systems, but every time someone competent
has tried to attack them, they've been successful - even if there are
no published APIs or documents, all of them have attack surfaces.  It...