Oracle, OpenSSL and SafeLogic partner to update FIPS module

By Fran Roberts
Oracle, OpenSSL and SafeLogic have announced a seed investment in developing the next generation open source OpenSSL 1.1 FIPS (Federal Information Proce...

Oracle, OpenSSL and SafeLogic have announced a seed investment in developing the next generation open source OpenSSL 1.1 FIPS (Federal Information Processing Standard) 140-2 module, and called for others to join the effort.

The FIPS 140-2 is a joint US and Canadian government security standard for testing cryptographic modules, the objective of which is to ensure the use of strong and validated cryptographic protection in US and Canadian government systems.

However, it’s also widely respected and informally accepted by other countries and non-government industries as a strong and trustworthy standard for cryptographic modules used within commercial products. 

OpenSSL, in turn, is the most widely used and respected cryptographic library protecting data transfers across computer networks. 

In 2014, OpenSSL gained widespread attention with the discovery of the Heartbleed bug, a security flaw that could allow a remote attacker to retrieve private memory of an application that uses the OpenSSL library in chunks of 64k at a time.


While the vulnerability was subsequently fixed, the event served as a wake-up call about the need for participation, support, and funding for OpenSSL and other heavily used open source software.

According to the companies, the current FIPS module for OpenSSL has not had a significant upgrade since 2012, while encryption standards have evolved significantly.

“Ensuring that OpenSSL maintains an up to date FIPS implementation is critical to helping maintain the security posture of sensitive data on government systems and the continuous safety of millions of transactions performed daily. We as a community have a responsibility to maintain the confidence of users in these systems,” said Jim Wright, Chief Architect, Open Source Policy, Strategy, Compliance and Alliances at Oracle.

“Given the complexity of the task at hand, we encourage other software vendors to join us in and donate to this project to deliver a free, open-source FIPS module that will benefit everyone.”

Helping drive the updated OpenSSL FIPS project forward, Oracle has made a $50,000 seed investment to start the project, with another $50,000 to follow based on the progress of the effort.

“Oracle has made a significant pledge, underscoring their crucial role in the future of open source FIPS 140-2 capabilities,” said SafeLogic CEO Ray Potter.

“Other sponsors with a vested interest should get in touch with SafeLogic to arrange their own donations, as we are administering contributions to directly fund both the hard and soft costs of the OpenSSL 1.1 FIPS Module project.”

SafeLogic, a company that provides strong encryption products for solutions in mobile, server, cloud, appliance, wearable, and IoT environments certainly has an interest in upgrading the module.


Featured Articles

Robot dining staff on call to help care in the community

Robots are ready to serve seniors as retirement communities struggle with staff shortages, and a new report says pensioners appreciate a metal maître d

BlackBerry drives its QNX technology to the cloud with AWS

BlackBerry has expanded its work with Amazon Web Services, which will see the Canadian security company’s embedded systems and AI available in the cloud

6G: Predictions for the network of the future

With cloud-based technology enabling higher speeds and microsecond latency, experts predict 6G will transform the world. The next generation is coming

Blockchain in space could take tokens and NFTs into orbit

Digital Transformation

ICYMI: Top 10 DevSecOps tools and cut-price animal robots

Digital Transformation

Altered Egos: Digital twins hold up a mirror for machines

Digital Transformation