Based on my reading of the notes below ... They are only required to make the code of AES available? What good is that?

"Sent via BlackBerry from Smart"

-----Original Message-----
From: "Drexx Laggui [personal]" <[email protected]>
Date: Sat, 18 Apr 2009 15:45:32
To: Philippine Linux Users' Group (PLUG) Technical Discussion List<[email protected]>
Subject: Re: [plug] OT: 100M rewards for breaking the automated poll system

18Apr2009 (UTC +8)

On Sat, Apr 18, 2009 at 09:17, Orlando Andico <[email protected]> wrote:
> I'm not at all certain that an open-source code review is possible.
>
> One of the bidders is supposed to be proposing a system by Scytl.
>
> I am pretty sure that Scytl would not allow their software to be
> subjected to public review. Perhaps review by one or two code
> auditors, yes.

Here are clarifications I read from COMELEC's website:

http://www.comelec.gov.ph/invi2bid/2009/Bid_Bulletin_No4_040609.html
-> Part V. Other Specifications Sec. 7.4, concerning the code review
-> By “interested party or groups” do you mean political parties and/or election monitoring groups in the Philippines excluding the relevant bidder’s competitors?
-> Yes. Sec. 10 of RA 9369 provides that "once an AES technology is selected for implementation, the Commission shall promptly make the source code of that technology available and open to any interested political party or groups which may conduct their own review thereof." It does not include bidder’s competitors.

http://www.comelec.gov.ph/invi2bid/2009/Bid_Bulletin_No13_041809.html
-> What kind of mechanisms will COMELEC provide to protect the provider’s intellectual property rights?
-> The provider’s intellectual property rights shall be adequately protected. The terms and conditions on how to effectively protect intellectual property rights shall be prescribed in the contract, subject to the legal requirement on source code review, the process of which shall be agreed upon by the COMELEC, Technical Evaluation Committee and the provider.

Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
http://www.laggui.com ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4 8363 FFEC 3976 FF31 8A4E
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph

