The EVM Rigmarole

The current EVM challege makes a travesty of security testing.  It is surprising that nobody from the IT security arena is speaking up.  If the charges levelled by the opposition are true, one can be sure that a compromised machine will never be brought to the challenge.  If the EVMs were dumb terminals connected to a central server, then testing the server might suffice.  In the current distributed scenario each single machine needs to be tested for integrity.  How will the challenge ensure this?

I do not know whether EVMs were custom made to EC's specifications or just generic machine purchased off the shelf?  In either case, did the EC get the source code and security features examined by any experts?  How would the EC know if the motherboard or the stored program was changed in a set of machines by unscrupulous maintenance people?

In my humble opinion the correct way of ensuring correct functioning of EVMs should be as follows:

1. There should be a single executable running on all EVMs and its source code should be with the EC and also in the public domain.
2. Each political party should be given a copy of the compiled executable code.
3. All EVMs should have an USB port and connecting a pen drive should trigger a program to prompt the user to enter filename for comparison with the stored executable.
4. Each party should give its booth workers an USB with the correct executable and a couple of random files.
5. A willing worker at any booth should get an opportunity to test the machine by inserting the USB and comparing a few random files and the correct file with the resident executable.

This, of course, is only indicative and not exhaustive.

Views of IT experts are invited in the matter.