The OpenSSL library of encryption algorithms has just been patched by the OS Software Institute. This open source module has been utilized at many government agencies, and is an interesting example of two things: the effectiveness of Open Source technologies in the most demanding environments, and the kind of work that still needs to be done in the government sector regarding secure Internet infrastructure:
"For FIPS 140-2 validated software no changes are permitted without prior CMVP approval so neither of these patches can be applied to the v1.1.1 distribution for the purposes of producing a validated module," Steve Marquess of OSSI said in the announcement of the patches.

That means that for the time being federal users must continue using the flawed software or patch it and go out of compliance.

The link for this article located at Government Computer News is no longer available.