OpenSSL Revalidated Following Suspension
lisah writes "Despite what looks like an organized effort to prevent it, OpenSSL has been revalidated by an independent testing agency for its ability to securely manage sensitive data and is ready for use by governmental agencies like the Department of Defense. According to the Open Source Software Institute, who has been overseeing the validation process for the last five years (something that typically only takes a few months), it seems that the idea of an open source SSL toolkit didn't sit right with proprietary vendors of similar products. A FUD campaign was launched against OpenSSL that resulted in a temporary suspension of its validation. Developers and volunteers refused to give up the ghost until the validation was reinstated, and Linux.com has the story of the project's long road to success." Linux.com and Slashdot are both owned by OSTG.
Validation is meaningless. It's how you use the tools that matters.
I can write an insecure application with OpenSSL just as easily as with, say, CryptLib or Botan or whatever.
Tom
Someday, I'll have a real sig.
It would just confirm my estimate of the IQ of the average civil servant! (with apologies to all three of those civil servants out there with IQs > 80)