Andrew Plato wrote: >>But I still question the "secret for obvious reasons" assertion. The >>reasons are far from obvious. "Importance" doesn't cut it at >>all. Who is >>mandating the secrecy? The State, Sabre, or Anitian? Whoever >>it is needs >>to get some better advice. >> >> >Confidentiality agreements. Its company policy at Anitian to never >discuss the details of our client's security in a public forum. I cannot >disclose anything about this project because it would be a violation of >those covenents. > Fair enough: it is the State that imposing the "secret" approach, and Anitian is just diligently following the relevant NDAs. I would hope that the code will be revealed in the future, but that is up to the State. >If you want details of this system, you'll have to talk to the Secretary >of State. Its their project, so they will decide what to disclose. > They will have to decide, but I would hope that their hired security expertise (Anitian) will make them aware of the significant advantages of opening the system, and the significant risks of keeping it closed. Caveat: there is a *big* difference between "revealing the source" and "Open Source(tm)". The former just reveals the source code to the public, while (potentially) keeping the code proprietary to the vendors. Only the latter grants the right to modify and distribute the code to the public. IMHO, revealing the source is a requirement to preserve public confidence in the integrity of the electoral process. OTOH, I see no particularly compelling reason for election code to be fully Open Source. I understand that, as a contractor, Anitian likely cannot take a public position on what should be done here. However, I would hope that in private, Anitian urges the State to open the source. Crispin -- Crispin Cowan, Ph.D. http://immunix.com/~crispin/ CTO, Immunix http://immunix.com Immunix 7.3 http://www.immunix.com/shop/
This archive was generated by hypermail 2b30 : Mon Jan 26 2004 - 00:12:53 PST