blog.parasoft.

com

10/11/2012 03:29

Embedded Software Testing at Center of Voting Machine Row

Embedded Software Testing at Center of Voting Machine Row
Posted on Thu, Nov 08, 2012 Fritrakis contends that the software should still have been tested by the Ohio board of voting machine standards; meaning that EXP has been improperly approved. Moreover, EXP could introduce mistakes into the vote count and even allow the manipulation of results. The purpose of the software, according to Secretary of State John Husted, is to enable voting machines reporting engines to export an XML file. The file can then be loaded onto a removable device and uploaded to a tabulation machine to streamline and automate the counting process.
http://blog.parasoft.com/bid/110880/Embedded-Software-Testing-at-Center-of-Voting-Machine-Row

Not even software escapes political partisanship as a newly-installed voting machine software module came under scrutiny on Tuesday due to a lack of software verification. A leaked work order obtained by The Free Press describes the commissioning of an application called EXP that allows users to enter custom codes and interface with the OSs reporting system to produce election results. Multiple news outlets have reported that Ohio Green Party congressional candidate Robert Fitrakis filed a lawsuit on Monday to block the inclusion of results obtained from voting machines that have EXP installed. Fritrakis charge stands on the testing requirements, or lack thereof, described in the work order. According to the work order, EXP is only required to undergo functional testing, which means that it will not require federal or state certification for Customer Acceptance testing.

Husted is confident that EXP is safe. This is because even though it wasnt part of the requirements, Election Systems & Software, a company that makes electronic voting systems used in Ohio, nonetheless developed the software in compliance with VSS2002, the federal standard that describes requirements for voting machine software. But Fritrakis lawyer, James Marsh, argues that the because EXP is a propriety, close-source application, that the only barrier to fraud is the mandated independent code-review process [identified in VSS-2002], which he believes is insufficient to verify that the application is designed to withstand fraudulent activities.

The approaching deadline of the election may have been a factor in deciding to bypass testing requirements associated with the states certification process. According to The Free Press:

Love this

PDF?

Add it to your Reading List! 4 joliprint.com/mag

Page 1

blog.parasoft.com
Embedded Software Testing at Center of Voting Machine Row

10/11/2012 03:29

Even in the absence of malicious intent in Ohio, implementing software for a critical use on a tight deadline without ample testing would be a highly unusual, and even suspect, practice among information technology professionals. An unintentional error could corrupt data and change overall results without anyone realizing there was a problem.

Want to learn more about the geek gap? Join us on November 14th, 2012 at 1:00 PM EST for Closing the Geek Gap with a Development Testing Platform.

At the heart of the problem appears to be a lack of sound policy that could have aligned the development/testing teams activities with the expectations of the Secretary of State, and in this particular case, of each organizations legal teams. This gap between the software development department and the business department is referred to as the Geek Gap. Is this another example of what can go wrong when corners are cut in favor of timely delivery or when the requirement gathering process is poorly executed? Is this more evidence that the Geek Gap is not only real, but has potentially dangerous consequences? Its too early to know what went wrong, but it seems evident that it was a process-related incident. Moreover, the deeper our critical activities become steeped in technology, the more scrutiny will (and should) be placed on not only the final product, but the entire SDLC.

http://blog.parasoft.com/bid/110880/Embedded-Software-Testing-at-Center-of-Voting-Machine-Row

***

Love this

PDF?

Add it to your Reading List! 4 joliprint.com/mag

Page 2