Perception is 90% of one’s reality on a bad day. Who said that? But its true. And to your point about design approach, I may be making a fool of myself, but you either have had access to internal documents our CTO and a couple of tech staff are working, or have actually spoken with John (for which I am foolishly unaware).

Point is, much discussion is raging about approach, and in particular [a] focus on threat environment {real, perceived, potential, actual}, [b] the objectives to counter, and [c] requirements. Of these issues, requirements gathering will be a significant and critical undertaking.

Let me say something more about that. We’ve said all along (I’ll dig up a reference here at some point) that the success of this project is predicated on the participation of the public. We’ve asserted that anyone who is eligible to vote can help. But to be specific about "help" we intend to recruit as many state elections officials and administrators as we can — ideally every single member of NASED if possible.

These stakeholders have had a bum rap to date wherein we’ve heard stories of vendors promising them active participation in design reviews to pre-release access and promises to incorporate feedback into design revisions. Seldom (apparently) has any of this really happened. In this case, the OSDV Foundation believes participation of these stakeholders is essential to the outcome. However, it doesn’t stop there. These stakeholders, while the most conversant about their particular requirements and usage experience, they are not necessarily domain experts about digital data security, privacy controls, or the details of software, hardware or systems design. People — perhaps such as yourself — become an equally imperative participant in requirements gathering, design, RFC processes, peer-reviews, and the like.

That awkward segue brings me to you, Scott. Certainly individuals like yourself are imperative you the success of this project. So we certainly hope we can engage your creativity and common sense and others like you. So, your ball.

Cheers

GAM|out

You are absolutely correct that a top-down “patch the vulnerabilities” approach will not result in a trustworthy system. What is needed is a design approach that focuses on the threat environment, the security objectives that counter the identified threats, and the functional and assurance requirements that will be used to implement those objectives.