[pushtheenvelope]

you are correct. The EVMs have definitely helped in this regard.

That said, threat models keep evolving. As EVMs are now used, one needs to incorporate EVM manipulation in the threat model as well.

The way to stay ahead of these threat models is to have an open, transparent process. A simple way to do that is to publish the design spec of the EVMs, and any source code. Invite audit from the world. Hiding it away is just "security by obscurity", which is well-known in the security community as not being good practice.

[_jgdh]

> well-known in the security community as not being good practice

The folks in charge of making decisions don't understand security. I'm not criticising them, it's quite reasonable that a layman would think that security by obscurity works.

[Arnt]

They have a threat model, their threat model is based on reality, and their security is pretty good against the threat model. How can you say they "don't understand security"?

They also (viewed from a distance) seem to ignore people who talk about security without talking about threat models.

Security by obscurity seems to be very nearly irrelevant to the Indian Electoral Commission's security model. Security by obscurity is bad, of course, but in that model it's such a minor factor. If I were the commission I'd file people who disregard the threat model and talk about minor factors under "b" for "bikeshedders".

[pushtheenvelope]

yep, agreed!

I wish that was not the case, though, and its up to us as the tech community to educate our policymakers.