David Hook, Director/Consultant, Crypto Workshop. The Bouncy Castle project finished 2016 with FIPS certified versions of both the C# and Java APIs, processes that were started under the mistaken belief that the real problem was raising the money to do it. It did not take very long for this illusion to be dispelled and for it to become obvious that there is also a culture clash between the way Open Source projects like Bouncy Castle traditionally work, and the processes that result from the way certification bodies such as NIST work.
This talk will look at how that culture clash became apparent, what we at the Bouncy Castle project did to deal with it, and how we have tried to change our approach to have less issues in the future. The talk will also try provide some thoughts about the whole process which may show that some changes in approach to the process as a whole by all parties involved might help as well.