Many cryptosystems fail in their security function not because of the wrong choice of cryptographic algorithms or protocols, but because they are implemented weakly or incorrectly. Threats arise, for example, from side-channel attacks and fault attacks. Vulnerabilities in widely used implementations can endanger the security of a large number of systems. The fact that many systems receive no or only infrequent software updates means that weaknesses can persist in productive environments long after their discovery.

For this reason, the BSI has commissioned studies and development projects on open-source cryptographic libraries to examine and improve their security properties.

BSI project: Certification-Path-Validation Test Tool

BSI study: Source-based investigation of cryptographically relevant aspects of the OpenSSL library

BSI project: Development of a secure crypto library (BOTAN)

BSI study: Security Analysis of TrueCrypt

BSI study: Security Analysis of VeraCrypt