Key Considerations: Testing, Source Code Review and Certification
For Implementing Bodies
- Are necessary levels of testing of the electronic voting and counting systems going to take place, including, as recommended, acceptance testing, performance testing, stress testing, security testing, usability testing and source code review?
- Are any external independent actors involved in the review process?
- Is there a plan in place to conduct full system testing sufficiently in advance of the elections?
- Is access to the source code also made available to independent experts and stakeholders to check for errors or malicious code?
- Will a certification process be conducted by an authority independent of the EMB to provide independent assurance that the electronic voting or counting solutions meet a certain set of standards?
- Have sufficient time and resources been allocated for the testing and certification process to address any issues that are identified during these processes?
For Oversight Actors
- Which tests are conducted?
- Does the EMB conduct the tests or does the vendor? If the vendor, does the EMB remain engaged and provide oversight of the process?
- Are tests conducted sufficiently in advance of elections so that any problems encountered can be addressed?
- Is the source code for the electronic technologies open source? If not fully open source, do observers and party representatives have sufficient access to inspect the source code, including not being restricted in reporting their analysis of its content by the use of any non-disclosure agreements? For their part, election observers and parties should ensure they have the capacity and/or expertise to comprehensively inspect the source code.
- Are all test reports available for review by political actors and observers?
- Is an independent certification process conducted, and, if so, are the processes and results publicly available?