OpenSSL 1.1 FIPS Module Validation Effort to Be Led by SafeLogic
After the Heartbleed bug, OpenSSL resolved to build a new and improved version of the ubiquitous open source encryption software. Unfortunately, the new version (1.1) was not approved for use in the federal government or other regulated industries. That is soon to change, with SafeLogic leading the effort to secure FIPS 140-2 validation for a new open source cryptographic module built for the 1.1 software! Read further for more details.
Palo Alto, California, July 21, 2016 (Newswire.com) - SafeLogic, the company re-inventing how encryption is delivered, is proud to announce plans to build and validate an open source FIPS encryption module for use with OpenSSL 1.1. The project will be completed in conjunction with the OpenSSL team itself and Acumen will be the testing lab.
Due to the significant upgrades from past versions of OpenSSL, this effort has been characterized as 'the single most important FIPS 140-2 validation of our generation'. The existence of such an open source FIPS module for OpenSSL 1.1 and a NIST certificate to match will have major implications for federal government technology procurement and strategy, as well as in the private sector. Much of the world's software deploys OpenSSL and the lack of an available open source FIPS module would have crippled many companies' ability to innovate in regulated industries.
SafeLogic's central role in the effort will ensure that nobody has more expertise or knowledge in the design, operation and validation of OpenSSL 1.1 modules than our team.
Ray Potter, CEO
The effort announcement is detailed further in blog posts by OpenSSL, SafeLogic, and Acumen today, with updates soon to follow.
"This is a major turning point," said SafeLogic CEO and founder Ray Potter. "The possibility that OpenSSL 1.1 would have not had an open source FIPS validated module was very real, and that would have been a huge stumbling block for the technology industry. We are excited to lead the effort for the validation and we're excited to share more of our plans soon."
For more information on this announcement or SafeLogic’s products and services, please contact Walter Paley, Director of Marketing, at Walt (at) SafeLogic (dot) com or (949) 257-2539.
About SafeLogic
SafeLogic’s product line is focused on standards-based cryptographic engines designed for use in cloud, mobile, wearable, IoT, server, workstation, and appliance environments. These modules have been fully validated to FIPS 140-2 standards and offer drop-in OpenSSL and Bouncy Castle compatibility, a variety of connectors to accommodate unique product architecture, and instant compliance for federal deployments to SafeLogic customers.
Even better, SafeLogic modules include RapidCert, the industry’s only FIPS 140-2 validation service that provides a certificate in the customer’s name, while drastically accelerating the timeline, requiring no additional engineering effort, zero interaction with testing labs, and at a fixed cost.
SafeLogic’s customers are among the most influential and innovative companies in technology today, including Symantec, Intel, Raytheon, and Hewlett Packard Enterprise. SafeLogic was established in 2012, is privately held and is headquartered in Palo Alto, California.
# # #
Source: SafeLogic