Uncategorized

  1. Time to comment on FIPS 140-NEXT

    The time has come to provide comments on the proposed successor to FIPS 140-2. NIST has put a proposal for comment to use ISO 19790 as the next revision of FIPS 140 (we like to call it FIPS 140-NEXT but it will probably end up being called FIPS 140-3). The link to the request for Read More…

  2. OPENSSL: SEVERE UNDISCLOSED BUG

    A new version of OpenSSL, the open-source software widely used to encrypt internet communications using SSL/TLS, is due to be released this Thursday July 9th, patching a “high severity” vulnerability. The developers of OpenSSL posted the following announcement to their message boards at openssl.org – “The OpenSSL project team would like to announce the forthcoming Read More…

  3. Leveraging Government Certification to Make a Better Product

    Government certifications, such as, FIPS 140 and Common Criteria sometimes get a bad rap for not being the end all in securing products. However, these certifications do help set a minimum base line of best practices that can help prevent an entity (product developer, standards committee, etc.) from making a preventable mistake. Recently a cryptanalysis Read More…