How Heartbleed Affects Your Security Certifications

Much has been in the news over the past couple of months about the security vulnerability known as Heartbleed. It is of vital interest to businesses and consumers, but especially so for businesses with products intended to provide security for their users. There are some specific and unique impacts to companies who are planning or are in the midst…


Updates from ICCC Include CCRA Revisions

Some of us from Corsec recently attended the 14th International Common Criteria Conference (ICCC) in Orlando, Florida, and we came away feeling that the Common Criteria (CC) community is finally coming together in many positive ways. After several years of difficult transition into defining the new CC paradigm of collaborative Protection Profiles (cPPs) and international Technical Communities (iTCs),…


Updates from the Joint CCDB/CCUF Workshop

It’s always great to get together with others from our industry to discuss advances and collaborate on moving processes forward for Common Criteria. Last month, several of us had the opportunity to work with colleagues from around the world at two separate events in Orlando, Florida. A group of us spent the first two weeks of September in Orlando, as Corsec sent multiple…

FIPS 140-2, FIPS 140-2 validation, FIPS Validation, FIPS 140-2 process, FIPS Inside, FIPS Compliant

What You Need to Know about FIPS 140-2, OpenSSL, and the new IG Requirement

You may have heard about the new interpretation of the mandatory requirement in Section 9.5 of the Implementation Guidance (IG) document, a key component of FIPS 140-2 documentation issued by the Cryptographic Module Validation Program (CMVP). This interpretation is causing conflicts with the architecture of the OpenSSL validations and how OpenSSL’s validation applies to customers using their software.

Read moreWhat You Need to Know about FIPS 140-2, OpenSSL, and the new IG Requirement