August 19, 2017
Oracle has announced that it has partnered with SafeLogic and OpenSSL to work on next generation FIPS module. The three companies have announced a seed investment in order to push forward the development of the next generation open source OpenSSL 1.1 FIPS 140-2 module. The three also called the others in the community to join the effort.
“Oracle has made a significant pledge, underscoring their crucial role in the future of open source FIPS 140-2 capabilities,” said SafeLogic CEO Ray Potter. “Other sponsors with a vested interest should get in touch with SafeLogic to arrange their own donations, as we are administering contributions to directly fund both the hard and soft costs of the OpenSSL 1.1 FIPS Module project.”
The Federal Information Processing standard (FIPS) is a joint Canadian and US government security standard for testing cryptographic modules with the objective to ensure the use of strong and validated cryptographic protection in U.S. and Canadian government systems. This standard is respected and considered throughout the world. But the module has not received a major update since 2012 and Oracle is investing to keep it up to date.
OpenSSL is the most widely used cryptographic library protecting data transfers across computer networks in the world. “Ensuring that OpenSSL maintains an up to date FIPS implementation is critical to helping maintain the security posture of sensitive data on government systems and the continuous safety of millions of transactions performed daily. We as a community have a responsibility to maintain the confidence of users in these systems,” said Jim Wright, Chief Architect, Open Source Policy, Strategy, Compliance and Alliances at Oracle. “Given the complexity of the task at hand, we encourage other software vendors to join us in and donate to this project to deliver a free, open-source FIPS module that will benefit everyone.”
Oracle has pledged $50,000 to drive progress and has pledged $50,000 more based on the progress of the project.