George Adams, president and CEO of SSH Communications Security Inc., a Wellesley, Mass.-based vendor of encryption products, said that concerns about the use of OpenSSL in government environments are valid. As an open-source tool, OpenSSL is subject to constant changes that would invalidate its certification on a regular basis, he said.

Marquess dismissed such concerns. He said that the security policy associated with OpenSSL guarantees that the source code used to generate the cryptographic module is unmodified at all times.

Sidebar

Briefing room: OpenSSL

WHO: The Open Source Software Institue (OSSI), sponsored by the Defense Medical Logistics Standard Support program.