This is the un-fun work needed to get open source software into many different parts of the enterprise and government. It's not fun, and sometimes it's not even very difficult, but it's usually very time-consuming and full of arcane knowledge.
Signed, someone who was dropped a big application and asked to make it FIPS compliant ASAP.
Open, closed, it's all a bunch of fun getting working in FIPS mode. Especially 3rd party applications. They'll call a library that calls a library that uses something not compliant.
While FIPS is a pain in the ass, it can show you potential failures your software has with using ancient crypto methods that are easy to enable and completely compromise the security of your software.
But I think there are some requirements in FIPS that are really just checkbox rather than actual security. I suppose it's easier to have a list of checkboxes to tick from a compliance perspective.
pixl97|2 years ago
chii|2 years ago