Tuesday, July 21, 2009

Comelec Source Code Review of Election Software?

A step in the right direction, that's what I call the recent news about the Comelec asking for advice fro IT and Information Security exports in the Philippines on how to conduct code review for the automated election software it will be using for the 2010 elections

Manual Code reviews, something quite unheard of in the Philippines, is offered as a service by a lone company (as far as i know) and they're really having a hard time marketing such Source Code Review Services besides their relatively easy to market Vulnerability Assessment and Penetration Testing Services.

Source Code Reviews are necessary in information security to eliminate or at least minimize the risks of security flaws, bugs and even backdoors installed in programs by developers and programmers, particularly the common programmer unaware of secure programming practices.

After code review and intense scrutiny, the code should be at least signed to verify if it's not tampered or else we have another case of "dagdag-bawas" in the midst of the May 2010 Philippine National Elections-- election cheating to the next level!


  1. I think the battle between cheaters and guardians has gone to a whole new level =)

  2. dr lawrence, right you are...next level

  3. for me, the issue of "comelec source code" is a matter of national security. in fact viewing the source code to public will trigger other programmers to copy, edit, and make new programs out of it without any hassle. That means, they make come up a new program that will and may intensify cheating in the long run. On the other hand, viewing source code to public may hinder the Comelec and other corrupt officials to blatantly corrupt the automated election. They can only done their dirty tactics if they will hire expert programmers and hackers. Viewing the source code to public will one way or another violate the IP right of the manufacturer and programmers against those "naughty" programmers. It will be easy for the later to "copy and paste" the codes. For me, viewing the source code should be limited only to ligitimate agencies or screening body that is being well represented from the politicians, programmers, IT practitioners and others.

  4. COMELEC CHAIRMAN MELO assured us that COMELEC will make the source code of the Automated Election System available for review once it is customized and gets certified sometime in February. Yes, we have no problem with promises. Lovers often do that. Groovy? We’ll see.