Re: [plug] The Death of Election 2010 Source Code Review

Top Page

Reply to this message
Author: Drexx Laggui [personal]
To: Philippine Linux Users' Group (PLUG) Technical Discussion List
Subject: Re: [plug] The Death of Election 2010 Source Code Review
29Sep2009 (UTC +8)

On Tue, Sep 29, 2009 at 01:59, joebert jacaba <joebertj@???> wrote:
> Can this be used as an excuse for a failure of election scenario? What if
> someone brings this issue to the Supreme Court just before the election and
> the exercise declared invalid because of this loophole?

If you mean that there will be a "failure of elections' because there
was no source-code review per se, then the answer is: NO.

I'm not a lawyer, but that's how I understood Atty. Rafanan as he
answered questions by Manuel Alcuaz and Gus Lagman (?), in a MAP
(Management Association of the Philippines) meeting last week. In
there, I was invited to be their guest speaker on how source-code
audit is done, how an evaluation and assurance project is done, how a
standard like the Common Criteria (ISO/IEC 15408) is relevant and
timely, and what are the technical and management challenges behind it
--what it really means when you say a hardware & software product is
TRUSTWORTHY. I gave them the same opinion I shared (though less
formally) with Doc Mana in their CenPEG office last July 18.
Smartmatic was there as well, plus other interested international
organizations and representatives from multi-national companies. There
were no press people however, as it was a closed-door meeting in the
25th floor of Ayala Tower 1 in Makati. I knew this issue was hot, but
I didn't know they'd all be there because this issue is blazing hot.
It was very stressful for me to in the middle of such *passionate*
discussions and accusations between parties.

Atty. Rafanan said they want to disabuse the term "failure of
elections" because it's been used so much that many people are now
confused by what it really means. Here's the lawyer-talk for "failure
of elections":

And here's a related news article:

September 19, 2009 9:59 pm

Drexx Laggui -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4 8363 FFEC 3976 FF31 8A4E
Philippine Linux Users' Group (PLUG) Mailing List
Searchable Archives: