Accession Number : ADA608189


Title :   Case Study: OpenSSL 2012 Validation


Descriptive Note : Final rept.


Corporate Author : INSTITUTE FOR DEFENSE ANALYSES ALEXANDRIA VA


Personal Author(s) : Wheeler, David A


Full Text : https://apps.dtic.mil/dtic/tr/fulltext/u2/a608189.pdf


Report Date : Aug 2013


Pagination or Media Count : 30


Abstract : This is a case study of the Federal Information Processing Standards (FIPS) 140-2 validation of the OpenSSL FIPS Object Module that led to certificate #1747 (initially awarded on June 27, 2012). This case study documents what happened during the validation, including identifying lessons learned for future projects. OpenSSL is a cryptographic library available through an open source software (OSS) license. The Defense Advanced Research Projects Agency (DARPA) provided funding for the evaluation of the OpenSSL FIPS module for two platforms in 2011 through 2012. Once DARPA committed to this initial funding, many other organizations (both government and private) joined the evaluation project by providing additional funding. Overall, this demonstrates that when organizations pool their resources, they can achieve far more than any one of them would have been willing to do on its own.


Descriptors :   *COMPUTER PROGRAMS , CRYPTOGRAPHY , LESSONS LEARNED , VALIDATION


Subject Categories : Computer Programming and Software


Distribution Statement : APPROVED FOR PUBLIC RELEASE