Debra Bowen has recently released the “Documentation Assessment of the Diebold Voting Systems”. Having served as a software buyer and as a product manager, I can attest that software documentation is almost always an afterthought, usually poor, hard to keep up to date, and expensive to do well. Its also a very boring and mundane topic for the average software developer and untechnical user.
Yet, don’t overlook this report. There are Gems (no pun intended) and very valuable insights available from the report. Below are several excerpts to hopefully entice some to read at least a few pages of the report:
conscientious local election officials attempting to master the Diebold system will find the documentation presents numerous impediments to their managing the voting system correctly, in a manner that achieves high accuracy, security, and other core objectives…
Pursuant to the federal standards, Diebold submitted to CIBER [Independent Testing Authority] a set of voting system security policies…A comparative analysis shows that the security policies Diebold filed with CIBER were considerably more stringent and extensive than those it ultimately documented in Diebold’s product manuals..
configuration discrepancies involve an uncertified component, and unapproved and largely disabled security settings, raising serious questions about the voting system’s accuracy, security, and reliability…
This approach tends to minimize serious security risks and sidestep mitigation strategies…
The Diebold documentation review team never received all of the expected…documentation, despite the team’s follow-up with detailed lists of omissions…
the security policy presented in the Diebold customer documentation differed significantly with the mandatory client security policy submitted to the ITA [Independent Testing Authority]…
we found that Diebold systems were deployed with a range of different COTS [Common Off The Shelf (like Windows operating system)] software components other than those that were tested and those that appear in Diebold’s internal and customer documentation…
we found several significant problems, including:
