I believe everyone is missing the real objective of a source code review of the computer programs for Philippine elections 2010.
Every source code review has for its objective PROGRAM CORRECTNESS, which is defined as "a program conforming to its specifications". For the election programs for use in the 2010 national and local elections, the specifications are contained in two documents: RA-9369 and the COMELEC Terms of Reference. In simple language, we want our election programs to correctly implement our election laws and the COMELEC-specified rules of implementation of these laws.

If in the process of review, the reviewers also find out that the election programs are secure and are coded with enough safeguards to prevent buffer overflows, memory leaks, etc., then those are extra bonuses. But the primary objective is still to check for conformity to our election laws.

The testing or review to be done by SysTest Labs does not mention anything about checking the PCOS and CCS programs for conformity to our laws. That is what I am afraid of. Even VVSG 2005 cannot specify conformity to Philippine laws because VVSG 2005 is an American EAC standard, and does not care a bit about Philippine concerns.

Finally, the testing and source code review to be done by SysTest Labs for COMELEC are part of the Technical Evaluation Committee (TEC) provision of RA-9369 in Section 11. And the controversial thing about TEC certification is that COMELEC can dispense with this certification just by writing a note to the Joint Congressional Oversight Committee stating that COMELEC did not seek TEC certification because of lack of time. Which is what COMELEC did in the 2008 ARMM computerized elections. So COMELEC gets to choose its pie, and eat it too! God must love them so very much, and they alone are always in the right, even though so many do not believe them!!!

~Pablo Manalastas~

--- On Wed, 10/14/09, William Emmanuel Yu <[email protected]> wrote:

> ...
> One of these tests as summarized in Volume 2 Section 1.3.1.3 is called
> Focus of Software Evaluation which reads:
>
> "The software tests encompass a number of interrelated examinations,
> involving assessment of application source code for its compliance with
> the requirements spelled out in Volume I, Section 5. Essentially, the
> accredited test lab will look at programming completeness, consistency,
> correctness, modifiability, structure, and traceability, along with its
> modularity and construction. The code inspection will be followed by a
> series of functional tests to verify the proper performance of all
> system functions controlled by the software."
>
> If the government has already contracted SysTest Labs (Comelec
> Resolution 8677) to do the testing according to US EAC VVSG 2005 then I
> guess that should be compliant for the purposes of what we describe as
> source code audit. Of course, that is an if.

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph

