Many cryptosystems fail in their security function not because of the wrong choice of cryptographic mechanisms or protocols, but because they are weakly or incorrectly implemented. Threats are posed, for example, by side-channel attacks and fault attacks. Weaknesses in widespread implementations can then endanger the security of a large number of systems. The fact that many systems receive no or only rarely software updates ultimately ensures that weaknesses can occur in productive use, long after they have been discovered. 

The BSI has therefore commissioned studies and development projects on open-source crypto libraries to investigate and improve their security properties. 

BSI project: Certification-Path-Validation Test Tool

BSI study: Source-based investigation of cryptographically relevant aspects of the OpenSSL library

BSI project: Development of a secure crypto library

BSI study: TrueCrypt security analysis