by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : August and September 2016
[BrieFing] WIKIMEDIA.ORG GCN AUGUST/SEPTEMBER 2016 • GCN.COM 7 When the Heartbleed bug was discov- ered in 2014, the federal government largely managed to avoid significant fallout from the OpenSSL vulnerability. But agencies are now faced with a dif- ferent problem: The newer, more secure OpenSSL 1.1 lacks a critical federal validation for cryptographic software. Using it in federal systems, in fact, would be against the law. At issue is FIPS 140-2 — a standard set by the National Institute of Stan- dards and Technology and its Canadian counterpart. All federal cryptographic- based security systems that involve sensitive information must comply with it. And as Steve Marquess, a former president of the OpenSSL Software Foundation who now leads OpenSSL Validation Services, explained in a Sep- tember 2015 blog post, OpenSSL 1.1 was restructured so dramatically that new validation was needed. That effort is a long and costly pro- cess, and Marquess warned at the time that without government sponsorship, OpenSSL 1.1 could be without a valid FIPS module for the foreseeable future. On July 20, however, Marquess and SafeLogic CEO Ray Potter announced that SafeLogic would sponsor the vali- dation. “With changes over the last few years,” Potter wrote in a blog post, “the viability of legacy OpenSSL FIPS mod- ule validations have been repeatedly threatened, and the crypto community simply cannot accept the possibility of being without a certificate.” SafeLogic, which offers proprietary encryption solutions and conducts FIPS validation for other products, will sponsor the engineering work and then handle the validation effort. Acumen Security will be the testing laboratory, and the OpenSSL Project will do the engineering work. • A more secure, fed-approved OpenSSL BY TROY K. SCHNEIDER 0916gcn_006-008.indd 7 9/1/16 2:39 PM
June and July 2016
October and November 2016