Just because those companies have certifications it doesn’t mean they can’t make a mistake.
In addition to that, the source code is closed and not generally auditable by third parties.
I was a student under Diego Aranha (a cryptography researcher from Brazil, now based in Denmark) many years ago when he got the chance to participate in the public test/audit of the voting system software.
At the time they did find issues with the code that would allow you to de-anonymize the votes cast in a voting machine [1].
EDIT: If anyone wants to take a look at the vulnerabilities found at the time, check the paper [2]. In fairness the paper is from 2013, so a lot may have changed.
The OP is talking about the inability to audit the code actually running at the time of voting. You can audit the code in the repo all you like but if the hardware of the voting machine is compromised, or the code you audit is modified or replaced sometime before execution, or there is other malicious code running on the machine interfering with the voting then your audit is useless.
It's one of the selling points of IBM's OpenPOWER initiative - fully open source firmware (including an open source BMC). Certain types of customers are very interested in auditability of their entire stack for security purposes...
I don’t think you’ve understood the original premise. Suggesting that closed source software isn’t auditable is laughable. No one who does software audits for a living supports that premise.
They are making the claim that they are doing it for security reasons, why wouldn't they want the code audited? A gov't employee could write a backdoor just like a private sector employee.
I’ve been primarily pentesting medical devices for the past few years and these companies will never willingly hand over code. If you want the code to audit then you’re going to have to yank it out of memory, a JTAG or come up with some other disclosure. Not to excuse these companies, but they’re under an enormous amount of regulations between so many different regulatory bodies. But there’s a lot of reasons why infosec people avoid medical stuff in the first place, it’s not for the faint of heart. But then there’s probably worse stuff out there... like auditing Diebold voting machines.
It's useful for source auditing. A lot of third parties like to review source code of things on behalf of customers; this makes it a bit more straightforward.
"I don't think there are competent people available for auditing source code."
Probably not, but by requiring companies to disclose source code on request, effective independent audit of that code is merely improbable versus effectively impossible.