This is how I read it:
They did a review of some of the tests, but ran all.
The source code was reviewed in its entirety.
They found vulnerabilities, but because "[...] these potential
vulnerabilities would be exploitable only by a vendor insider attack.
No open issues remain for this area of review."
Problems and discrepancies they found are in an attachment to another report and in jira, both of which are confidential.
this post was submitted on 15 Jul 2025
9 points (100.0% liked)
Programming
21924 readers
692 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities !webdev@programming.dev
founded 2 years ago
MODERATORS
Any issues with transparency there? I always heard these voting machine companies fight tooth and nail to protect their IP…when I hear “confidential” it doesn’t inspire a great deal of confidence (no pun intended), but I’m admittedly paranoid and not very familiar with this subject.
Its probably the usual closed source, but maybe not, I can't take more of the abbreviation soup.
The other big danger is a attacker from the inside, and unless they have a amazing solution in their confidential jira, they just declared it not a problem.