You're right. That's what I am actually after. Given the fact that we are petitioning Comelec and take a source code review, this would take us so much time and now the petition or case (some sort if ever) needs to be filed in court and source code review be done by the US will be postpone, this will definitely won't take source code review at all. I'm not sure if my calculation is correct, because again enough time is needed in this case and its critical. What I am thinking guys is to think what other things we can offer to be of help instead of pushing this review. I don't know maybe you can help us out here and shed some light.
Thanks, Michael ________________________________ From: Dennis Legaspi <[email protected]> To: Michael Mondragon <[email protected]>; Philippine Linux Users' Group (PLUG) Technical Discussion List <[email protected]>; Drexx Laggui [personal] <[email protected]> Sent: Tue, October 13, 2009 11:46:53 AM Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 Source Code Review) Not the kind of task you can completely divide into chunks. You're right. If you have 20 auditors it doesn't mean you can reduce audit time to X/20. --- On Tue, 10/13/09, Drexx Laggui [personal] <[email protected]> wrote: >From: Drexx Laggui [personal] <[email protected]> >Subject: Re: [plug] COMELEC SUED (Was: The Death of Election 2010 Source Code >Review) >To: "Michael Mondragon" <[email protected]>, "Philippine Linux Users' >Group (PLUG) Technical Discussion List" <[email protected]> >Date: Tuesday, October 13, 2009, 1:48 AM > > >12Oct2009 (UTC +8) > >On Mon, Oct 12, 2009 at 18:08, Michael Mondragon ><[email protected]> wrote: >> I am just wondering, given the fact, let's say, we got some TRO of some >> sort, do we still have >> time to do it? How many of us here, can go with source code review then if >> Comelec will allow >> us to review source code publicly? Though I believe in our capability as >> Filipinos and most of >> the people here are best of breed, I'm just checking since we are running >> out of time. How long >> can Supreme Court can interfere with this? Let's say, 2 mos. from now, can >> we still have much >> time? > >Very good questions. Depends on how many people do you have behind the >word "we" as well as how skilled are the "we" people. If many >volunteered but are there just to learn from the exercise, then your >"we" is just a mob. > >A proper evaluation and assurance project typically runs from 6 months >to 2 years. What you'd need now is an army of highly skilled >evaluators / auditors to do that. Less than that, you'll get lower >assurance levels, and much less audit evidence to give the Filipinos >the confidence they require in the 2010 national elections. > > >Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA >http://www.laggui.com ( Singapore / Manila / California ) >Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer >PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4 8363 FFEC 3976 FF31 8A4E >
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
