Oracle, OpenSSL and SafeLogic partner to update FIPS module

By Fran Roberts

Oracle, OpenSSL and SafeLogic have announced a seed investment in developing the next generation open source OpenSSL 1.1 FIPS (Federal Information Processing Standard) 140-2 module, and called for others to join the effort.

FIPS 140-2 is a joint US and Canadian government security standard for testing cryptographic modules, the objective of which is to ensure the use of strong and validated cryptographic protection in US and Canadian government systems.

However, it’s also widely respected and informally accepted by other countries and non-government industries as a strong and trustworthy standard for cryptographic modules used within commercial products. 

OpenSSL, in turn, is the most widely used and respected cryptographic library protecting data transfers across computer networks. 

In 2014, OpenSSL gained widespread attention with the discovery of the Heartbleed bug, a security flaw that could allow a remote attacker to retrieve private memory of an application that uses the OpenSSL library in chunks of 64k at a time.


While the vulnerability was subsequently fixed, the event served as a wake-up call about the need for participation, support, and funding for OpenSSL and other heavily used open source software.

According to the companies, the current FIPS module for OpenSSL has not had a significant upgrade since 2012, while encryption standards have evolved significantly.

“Ensuring that OpenSSL maintains an up to date FIPS implementation is critical to helping maintain the security posture of sensitive data on government systems and the continuous safety of millions of transactions performed daily. We as a community have a responsibility to maintain the confidence of users in these systems,” said Jim Wright, Chief Architect, Open Source Policy, Strategy, Compliance and Alliances at Oracle.

“Given the complexity of the task at hand, we encourage other software vendors to join us in and donate to this project to deliver a free, open-source FIPS module that will benefit everyone.”

Helping drive the updated OpenSSL FIPS project forward, Oracle has made a $50,000 seed investment to start the project, with another $50,000 to follow based on the progress of the effort.

“Oracle has made a significant pledge, underscoring their crucial role in the future of open source FIPS 140-2 capabilities,” said SafeLogic CEO Ray Potter.

“Other sponsors with a vested interest should get in touch with SafeLogic to arrange their own donations, as we are administering contributions to directly fund both the hard and soft costs of the OpenSSL 1.1 FIPS Module project.”

SafeLogic, a company that provides strong encryption products for solutions in mobile, server, cloud, appliance, wearable, and IoT environments, certainly has an interest in upgrading the module.

