The flaw affects OpenSSL versions 1.02, 1.1.1, and 3.0, all of which have been patched. OpenSSL is a core component of Unix and Linux-based systems, and is also bundled into software applications that run on Windows.
NIST has spent years painstakingly selecting a new set of encryption algorithms that can withstand future hacks from quantum computers. Along the way, it must deal with the additional challenge of building a process flexible enough to account for the potential failure or breakdown of any one solution.
The agency is asking for companies and research firms to apply for cooperative research partnerships with the government to help develop technology and tools that would inform a “roadmap” the agency is devising to guide businesses and agencies on implementation.
A document released by the agency this week provides insight into how national security organizations responsible for keeping sensitive classified or unclassified data safe from hackers and foreign intelligence services should approach replacing their classical encryption protocols with new quantum-resistant ones.
A recent, damning report on the pharma sector found most entities are actively, and often inadvertently, exposing data through unsecured endpoints. As COVID-19 keeps pharma in cybercriminals’ focus, the need for zero trust security is more apparent.
While government agencies and standards bodies are racing to test and vet new quantum resistant algorithms for widespread consumption, a small but growing industry of vendors has popped up offering to sell such protections to the broader public. What should potential buyers make of such offerings?