On Wed, Oct 14, 2009 at 7:38 AM, Oscar Plameras <[email protected]> wrote: > I'm as bored as you are with arguments going around in > circles. It's like watching dogs chasing their tails.
You still haven't addressed the issue about your output based method not addressing security issues. Remember the part of the thread wherein actual voting machines used in a major industrialized country shipping with real and exploitable buffer overrun security vulnerabilities. And, contrary to you last post about it, you don't need to overload a system to exploit it. Just one seemingly valid malformed input is all it takes to explot it. You can use vulnerabilities to make the machine do things outside the scope of your output based testing, such as inserting and executing "dagdag-bawas" code. > As a matter of interest there was a previous court decision > on a similar matter which was ruled by SC in favor of the > Comelec. The previous ruling has nothing to do with the source code auditing, though. It has to do with the validity of the bid. _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
