> Trail of Bits engineers said Voatz' code was written intelligibly and free of many common security foibles, but added βit is clear that the Voatz codebase is the product of years of fast-paced development.β The summary goes on to list several technical flaws, such as a lack of test coverage and documentation, infrastructure provisioned manually without the aid of infrastructure-as-code tools, vestigial features that have yet to be deleted, and nonstandard cryptographic protocols.
That honestly sounds pretty good in terms of software quality, adding additional tests for proofs and ramping up ops are both addressable problems - especially if handled by a government sponsored team. But...
How confident are you that we could reach a well engineered and proofed electronic voting platform that also adheres to theoretical rules around vote security?
And which component of that, adherence to theoretical requirements and perfected development practices, do you see as a larger hurdle to overcome going forward?
> How confident are you that we could reach a well engineered and proofed electronic voting platform that also adheres to theoretical rules around vote security?
I don't think we can with the current commodity devices / ecosystem, even assuming that voting system software is well-written. Keeping electronic-only systems secure from nation-state level adversaries is hard.
> Trail of Bits engineers said Voatz' code was written intelligibly and free of many common security foibles, but added βit is clear that the Voatz codebase is the product of years of fast-paced development.β The summary goes on to list several technical flaws, such as a lack of test coverage and documentation, infrastructure provisioned manually without the aid of infrastructure-as-code tools, vestigial features that have yet to be deleted, and nonstandard cryptographic protocols.
That honestly sounds pretty good in terms of software quality, adding additional tests for proofs and ramping up ops are both addressable problems - especially if handled by a government sponsored team. But...
How confident are you that we could reach a well engineered and proofed electronic voting platform that also adheres to theoretical rules around vote security?
And which component of that, adherence to theoretical requirements and perfected development practices, do you see as a larger hurdle to overcome going forward?