Page 1 of 1

FIPS 140-2

Posted: 25 Sep 2013 17:32
by mdr2013
Hello,

Is the VLC plugin Federal Information Process Standdard (FIPS) 140-2, http://csrc.nist.gov/publications/PubsFIPS.html, compliant? If not, are there any plans to implement it in a future release?

Best regards and thanks in advance :)
mdr2013

Re: FIPS 140-2

Posted: 27 Sep 2013 01:35
by Jean-Baptiste Kempf
Seriously, noone knows. You cannot expect a group of volunteers to review a 60+ pages document, for a codebase of more than 10 millions lines of code.

VLC is used by many administrations, so either you trust them, or you must do the review of the document, by yourself.

Re: FIPS 140-2

Posted: 28 Sep 2013 11:18
by TNZ
I agree with Jean Baptiste and I can add informations about FIPS 140-2.

This agreement is used generaly for Host Security Module (HSM) and others professional softwares around payment card industry. FIPS 140-2 is recommended in PCI-DSS requirements for example.

One more thing, FIPS140-2 agreement is the goal of a long procedure where the candidate software can be modified. Those modification are asked by the US administration, the one who delivers the agreement.
--------------------
Jean Baptiste,
Je me demande bien à quoi pourrait servir cette certification dans VLC. De plus, faut fournir les sources, mais surtout apporter des modifs fonctionnellement très discutable par rapport à VLC.

TNZ

Re: FIPS 140-2

Posted: 28 Sep 2013 11:48
by Jean-Baptiste Kempf
For whatever reasons, some people from va.gov want us to be FIPS 140-2 compliant.

When I said that this was not our job to do so, especially for complex compliance of a foreign countries, they insulted us:
French people are smart butts.
The US military and administration are using VLC for years, but it is not enough for those.

Some people have a hard time understand what volunteer mean.