Oracle, OpenSSL and SafeLogic partner to update FIPS module

By Fran Roberts
Oracle, OpenSSL and SafeLogic have announced a seed investment in developing the next generation open source OpenSSL 1.1 FIPS (Federal Information Proce...

Oracle, OpenSSL and SafeLogic have announced a seed investment in developing the next generation open source OpenSSL 1.1 FIPS (Federal Information Processing Standard) 140-2 module, and called for others to join the effort.

The FIPS 140-2 is a joint US and Canadian government security standard for testing cryptographic modules, the objective of which is to ensure the use of strong and validated cryptographic protection in US and Canadian government systems.

However, it’s also widely respected and informally accepted by other countries and non-government industries as a strong and trustworthy standard for cryptographic modules used within commercial products. 

OpenSSL, in turn, is the most widely used and respected cryptographic library protecting data transfers across computer networks. 

In 2014, OpenSSL gained widespread attention with the discovery of the Heartbleed bug, a security flaw that could allow a remote attacker to retrieve private memory of an application that uses the OpenSSL library in chunks of 64k at a time.

SEE ALSO:

While the vulnerability was subsequently fixed, the event served as a wake-up call about the need for participation, support, and funding for OpenSSL and other heavily used open source software.

According to the companies, the current FIPS module for OpenSSL has not had a significant upgrade since 2012, while encryption standards have evolved significantly.

“Ensuring that OpenSSL maintains an up to date FIPS implementation is critical to helping maintain the security posture of sensitive data on government systems and the continuous safety of millions of transactions performed daily. We as a community have a responsibility to maintain the confidence of users in these systems,” said Jim Wright, Chief Architect, Open Source Policy, Strategy, Compliance and Alliances at Oracle.

“Given the complexity of the task at hand, we encourage other software vendors to join us in and donate to this project to deliver a free, open-source FIPS module that will benefit everyone.”

Helping drive the updated OpenSSL FIPS project forward, Oracle has made a $50,000 seed investment to start the project, with another $50,000 to follow based on the progress of the effort.

“Oracle has made a significant pledge, underscoring their crucial role in the future of open source FIPS 140-2 capabilities,” said SafeLogic CEO Ray Potter.

“Other sponsors with a vested interest should get in touch with SafeLogic to arrange their own donations, as we are administering contributions to directly fund both the hard and soft costs of the OpenSSL 1.1 FIPS Module project.”

SafeLogic, a company that provides strong encryption products for solutions in mobile, server, cloud, appliance, wearable, and IoT environments certainly has an interest in upgrading the module.

Share

Featured Articles

Why JFK Airport is Embracing an AI-Driven Data Strategy

Leveraging Microsoft’s Azure Data Platform, Wipro's AI solution will consolidate data from various departments to a single platform for JFKIAT to analyse

Tech & AI LIVE: Gen AI Announces Four New Speakers

Tech & AI LIVE: Gen AI welcomes four new speakers from PwC, DXC Technology, Trend Micro, and Tech Mahindra

SAP Completes WalkMe Acquisition to Enhance User Experience

SAP aims to streamline digital adoption with its US$1.5bn purchase of WalkMe, signalling a significant shift in enterprise software strategy

Industrial Robotics: From Assembly Lines to AI Dogs at JLR

AI & Machine Learning

ServiceNow Xanadu a Leap Forward in Enterprise AI

AI & Machine Learning

How Deloitte, Nvidia & Oracle are Driving Enterprise Gen AI

AI & Machine Learning