http://computerworld.com.ph/comelec-awards-source-code-review-to-us-lab-after-public-uproar/
Seems like SysTest will be reviewing the source as well. I seem to have gotten the impression that they would not be doing that. Anyone know the real score? On Wed, Oct 14, 2009 at 2:33 PM, Danny Ching <[email protected]> wrote: > Doc Manalastas, I think the COMELEC announced that they will make the > source code available on Feb 6, 2010 after the SysTest is done. Is this > true? Is this acceptable: (1) to satisfy the law and (2) to satisfy the time > requirements for a proper review. > > Two to three months, right? But Feb 6, 2010 is a Saturday, so we'll get the > code Feb 8, 2010 (Monday). If we allot exactly three months, that means > review will be done May 8, 2010 (also a Saturday). Isn't the election on May > 10, 2010? Is this deliberate, so that the review process will either be moot > and academic or it will be used to declare a failure of elections? > > > On Wed, Oct 14, 2009 at 2:21 PM, Pablo Manalastas > <[email protected]>wrote: > >> --- On Tue, 10/13/09, Michael Mondragon <[email protected]> >> wrote: >> > Given the fact >> > that we are petitioning Comelec and take a source code >> > review, this would take us so much time >> > and now the petition or case (some sort if >> > ever) needs to be filed in court >> >> I am sorry, but a petition for mandamus has already been filed at the >> Supreme Court by CenPEG, to force COMELEC to release the source code of the >> election programs to interested political parties and groups. PLUG does not >> need to file a case anymore, because the necessary case is already at the >> Supreme Court. >> >> > and source code >> > review be done by the US will be postpone, >> >> Again, I am sorry, but SysTest, a U.S. based company contracted by COMELEC >> will not do a source code review, but instead will do a user acceptance >> testing. If we go by what the newspaper reports are saying, then user >> acceptance testing will not be delayed, because SysTest will be paid PHP70 >> million, and for that amount SysTest will do a UAT on time. >> >> > this will >> > definitely won't take source code review at all. >> > I'm not sure if my calculation is correct, because again >> > enough time is needed in this case and its >> > critical. What I am thinking guys is to think what >> > other things we can offer to be of help instead of pushing >> > this review. >> >> I am not asking PLUG, as an organization, to do a source code review. My >> original post was to tell the group that CenPEG has already brought the >> request for the source code to the Supreme Court, since COMELEC does not >> want to do its duty under RA-9369 section 12. Also the reason that I am >> informing PLUG that CenPEG has brought the case to the Supreme Court is that >> a number of PLUG members, on an individual basis (not as PLUG the >> organization) have volunteered to help CenPEG do a source code review, and >> it seems only proper to tell them what we at CenPEG are doing to help make >> source code review a reality. >> >> ~Pablo Manalastas~ >> >> >> > I don't know maybe you can help us >> > out here and shed some light. >> > >> > >> > >> > >> > Thanks, >> > Michael >> > >> > >> > >> > >> > From: Dennis >> > Legaspi <[email protected]> >> > To: Michael >> > Mondragon <[email protected]>; Philippine Linux >> > Users' Group (PLUG) Technical Discussion List >> > <[email protected]>; Drexx Laggui [personal] >> > <[email protected]> >> > Sent: Tue, >> > October 13, 2009 11:46:53 AM >> > Subject: Re: >> > [plug] COMELEC SUED (Was: The Death of Election 2010 Source >> > Code Review) >> > >> > >> > >> > >> > >> > Not the kind of task you can completely >> > divide into chunks. You're right. If you >> > have 20 auditors it doesn't mean you can reduce audit >> > time to X/20. >> > >> > --- On Tue, 10/13/09, Drexx Laggui [personal] >> > <[email protected]> wrote: >> > >> > >> > From: Drexx Laggui [personal] <[email protected]> >> > Subject: Re: [plug] COMELEC SUED (Was: The Death of >> > Election 2010 Source Code Review) >> > To: "Michael Mondragon" >> > <[email protected]>, "Philippine Linux >> > Users' Group (PLUG) Technical Discussion List" >> > <[email protected]> >> > Date: Tuesday, October 13, 2009, 1:48 AM >> > >> > >> > 12Oct2009 (UTC +8) >> > >> > On Mon, Oct 12, 2009 at 18:08, Michael Mondragon >> > <[email protected]> >> > wrote: >> > > I am just wondering, given the fact, let's >> > say, we got some TRO of some sort, do we still have >> > > time to do it? How many of us here, can go with >> > source code review then if Comelec will allow >> > > us to review source code publicly? Though I >> > believe in our capability as Filipinos and most of >> > > the people here are best of breed, I'm just >> > checking since we are running out of time. How long >> > > can Supreme Court can interfere with this? >> > Let's say, 2 mos. from now, can we still have much >> > > time? >> > >> > Very good questions. Depends on how many people do you have >> > behind the >> > word "we" as well as how skilled are the >> > "we" people. If >> > many >> > volunteered but are there just to learn from the exercise, >> > then your >> > "we" is just a mob. >> > >> > A proper evaluation and assurance project typically runs >> > from 6 months >> > to 2 years. What you'd need now is an army of highly >> > skilled >> > evaluators / auditors to do that. Less than that, >> > you'll get lower >> > assurance levels, and much less audit evidence to give the >> > Filipinos >> > the confidence they require in the 2010 national >> > elections. >> > >> > >> > Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 >> > LA, CCSI, CSA >> > http://www.laggui.com >> > ( Singapore / Manila / California ) >> > Computer forensics; Penetration testing; QMS & ISMS >> > developers; K-Transfer >> > PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4 8363 FFEC >> > 3976 FF31 8A4E >> > >> > >> > >> > >> > >> > >> > -----Inline Attachment Follows----- >> > >> > _________________________________________________ >> > Philippine Linux Users' Group (PLUG) Mailing List >> > http://lists.linux.org.ph/mailman/listinfo/plug >> > Searchable Archives: http://archives.free.net.ph >> _________________________________________________ >> Philippine Linux Users' Group (PLUG) Mailing List >> http://lists.linux.org.ph/mailman/listinfo/plug >> Searchable Archives: http://archives.free.net.ph >> > > > > -- > Regards, > Danny Ching > -- Regards, Danny Ching
_________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
