June 17, 2004

Voting Machine Challenge = Good Threat Model

I noticed I have a few posts here on all the hand wringing over voting machines. I believe the issue of voting machine reliability is a leading indicator for customer perception and analysis of the reliability and security of many devices.

One thing missing from this debate has been a clear explaination of the threat model all the computer security types are up in arms about. Simply bumbling about yelling "the security is broken" gets attention from the techie community, but leaves the rest of the market scratching their heads wondering what should be done next. (Other than send a PR person into the fray to deny everything.)

Writing down and debating the threat model is a good start. Writing a threat model and proposing to turn it into a public challenge is one of the best ideas in a while. Avi Ruben has done just that.

The announcement. (Somebody please get Avi a real PR person)
The challenge [PDF].

Additionally, (via Farber's IP list) the NY Times today has an article on Kevin Shelley, California's Secratary of State, who has effectively stalled the market for electronic voting machines by demanding paper back-ups of all California elections. The voting machine vendors need to snap out of denial and start publically proving the validity of meaningless words on the quality of their products.

Posted by Abner on June 17, 2004 06:40 AM
Comments ARE BROKEN Send email instead - Thanks!

Recent Entries
iPhone's SIM Locks: Hardware vs. Software vs. Lawyers
Even (or especially) contests could use a security review
Vendors Responses: Voting Machines and the Pwnie Awards
Dude "Security Rocks"
iPhone Wi-Fi Vulnerability
Harry Potter Security
iPhone Hacking & Fustrations
Let the iPhone Hacking Begin
Geer heads to Washington, Again
This Just In: DRM still doesn't work
Phishing meets Internet Advertising
How long to unlock the iPhone Operating System?
Predictive Markets For Politics
The Irony of Phone Security Google Ads
Why Biometric Fingerprint Readers Are A Waste
How to Blag an Interview
Yet another Boston marketing flub
MAC vs. Vista Security
The latest in physical security
Data Loss Archive
Guerrilla Marketing Backfires in Boston
NY Times on the "Market" For Software Vulnerabilities
Not marketing security, marketing *during* security