There is not "one" version when they are patching glitches and making corrections throughout the night. There are N number of versions equal to the number of deployments onto the machine. Even if they are declared to be the "same" version, only a full diff or a properly-implemented checksum would be able to confirm if this is true. Developers should also prove through their work what bugs were corrected and where they changed the code to correct the issues at hand and auditors should ask themselves whether their changes make any sense given the context of the election and also demand to see what tests were performed to ensure that their products were working properly.
If the machine was potentially exposed to an external source that could have been used to manipulate the count or the software itself (USB attacks, unsecured or open-gated access to the internet, etc), then the number of deployments made is completely immeasurable and unreliable to use in an election setting.
If the multiple versions were properly organized, it would be very easy to audit, much like a business would under audit if they had all of their supporting statements and documents lined up ready to go along with their tax forms. They would have change logs, be able to show off what happened and who worked on what to fix the issues, and they would be very embarrassed to have ANY glitches, especially ones that would impact the vote at all (I'm not talking about a minor display glitch here).
Given the sheer number of issues that occurred, if they can't properly account for the events of the evening and have a walking machine code story to explain what went wrong (showing ALL checkins and deployment pushes), I would be throwing them into full audit mode. All this assumes that the machine was secured as well; if there was unsecured remote connectivity to the machine, then even if the techs were legitimately fixing issues, a third party could have manipulated the files to look however they want them to be.
Other items to note:
Sitting in front of a machine and explaining how it works is NOT an audit.
Watching it run in a controlled setting is NOT an audit.
Performing a recount using the same machines and/or the same people is NOT an audit.
Don't fall into this trap.
There is not "one" version when they are patching glitches and making corrections throughout the night. There are N number of versions equal to the number of deployments onto the machine. Even if they are declared to be the "same" version, only a full diff or a properly-implemented checksum would be able to confirm if this is true. Developers should also prove through their work what bugs were corrected and where they changed the code to correct the issues at hand and auditors should ask themselves whether their changes make any sense given the context of the election and also demand to see what tests were performed to ensure that their products were working properly.
If the machine was potentially exposed to an external source that could have been used to manipulate the count or the software itself (USB attacks, unsecured or open-gated access to the internet, etc), then the number of deployments made is completely immeasurable and unreliable to use in an election setting.
If the multiple versions were properly organized, it would be very easy to audit, much like a business would under audit if they had all of their supporting statements and documents lined up ready to go along with their tax forms. They would have change logs, be able to show off what happened and who worked on what to fix the issues, and they would be very embarrassed to have ANY glitches, especially ones that would impact the vote at all (I'm not talking about a minor display glitch here).
Given the sheer number of issues that occurred, if they can't properly account for the events of the evening and have a walking machine code story to explain what went wrong (showing ALL checkins and deployment pushes), I would be throwing them into full audit mode. All this assumes that the machine was secured as well; if there was unsecured remote connectivity to the machine, then even if the techs were legitimately fixing issues, a third party could have manipulated the files to look however they want them to be.
Other items to note:
Sitting in front of a machine and explaining how it works is NOT an audit. Watching it run in a controlled setting is NOT an audit. Performing a recount using the same machines and/or the same people is NOT an audit.