February 11, 2008 at 10:42 pm
I was recently an Expert Witness in NJ in a State Supreme Court trial about the Alcotest 7110 Mk III, the device used in that state. While it's true that asking for the source code could be a dodge, I have to say that state and local governments have not done a credible job of selecting devices for their state, and the manufacturers have done a bad job producing their software. I reviewed the source code for the Alcotest, and I was shocked at how bad the code was. There was no design documentation, the code was basically hacked and glued together. I found 20 serious defects in the code, and a lint process uncovered over 19,000 additional defects. There were also over 50 functions (thousands of lines of code) that were intentionally bypassed, but not removed from the code. The State's reviewer admitted to only one defect, but they did not mention that that defect would have "crashed" the program. And they could not prove that the code was executed or not
All law enforcement organizations only require that devices be approved by the National Highway Transportation Safety Council. But that organization does not test the software.
I feel all of this could be avoided if the state and local organizations adopted a standard like the FAA's DO-178B, or the IEC 61508 Safety standard for software. I think instead that the officials are relying on salesman for proof of accuracy. If standards were met, then the state would have a much stronger case when people challenged the device.
In most of these cases, the manufacturer refuses to show the code, and the defendant is set free. NJ was an unusual case.
If standards are not adopted, then I say disclose the code, and let's find the shortcomings. No manufacturer in possession of a rival company's code would directly use it anyway. I feel that these companies are really worried about how bad their code is, and letting the competitors find out.
John Wisniewski
Viewing post 31 (of 31 total)
You must be logged in to reply to this topic. Login to reply