In a press release earlier today, John Weathersby, Executive Director of the Open-Source Software Institute (OSSI) announced progress on getting the core cryptographic module of OpenSSL, which has been designated "OpenSSL Cryptographic Module v1.0," certified by the National Institute of Standards and Technology (NIST). Details and a FAQ are here .

Validation of this code is significant, because it's the first validation applicable at the source code level. By validating this source code, the door is opened to lower cost applications that require cryptography. The validation process is fairly long and complex, but the code has been submitted to the testing lab, and the vendor evidence package is expected to be at NIST at the beginning of the new year.

It's interesting to note that validation requires a certain level of stability for the code, not a feature commonly associated with Open Source projects. However, that issue has been addressed by segregating the relevant crypto algorithms in a special branch of the source tree. That way, the validated code can be maintained separately from the rest of OpenSSL, which is an actively maintained Open Source project.

The validation process is time consuming and expensive by Open Source standards, so the project is being supported by a group of participants, including the Defense Medical Logistics Standard Support Program (a DoD medical logistics program), HP, DOMUS IT Security Laboratory, PreVal Specialists, Inc and representatives from the OpenSSL Project.