Security solutions vendor Mocana has taken somewhat of a sidestep from its focus as a provider of embedded device and mobile security solutions, and has released what it calls a highly secure drop-in replacement for the widely adopted OpenSSL stack for Apache Web servers.
Dubbed NorthStar, the solution was developed from the ground up by security experts using modern programming practices and tools to ensure high code quality, Mocana said.
As an enterprise-grade secure connectivity solution for Apache web servers, NorthStar provides organizations with a high-quality Secure Sockets Layer (SSL/TLS) alternative to OpenSSL that can be installed on Apache servers with a single command in a few minutes.
NorthStar includes all the necessary connecting “glue” needed to provide a simple, drop-in replacement for OpenSSL, the default cryptographic library provided for Apache web servers, Mocana added.
OpenSSL has proven to be highly vulnerable, as evidenced by the recent Heartbleed vulnerability discovered earlier this year, a flaw that still plagues many enterprises around the globe. In fact, according to a recent report from Venafi, just 3 percent of external-facing servers in the world’s largest companies have been fully protected from the Heartbleed vulnerability.
“Complexity is the enemy of security, and with 457,000 lines of code that need patching seemingly every week, OpenSSL has kept many IT managers awake at night, waiting to react to the next announced vulnerability. The code for the TLS stack in NorthStar is only a fraction of that size, and has been comprehensively tested,” said James Blaisdell, CTO at Mocana. “The open source community has made numerous useful and popular contributions to the software industry, including the Apache server itself. But, it is clear that in the case of OpenSSL, this route has failed to keep up with industry and compliance requirements.”
San Francisco, Calif.-based Mocana also offers its NanoSSL solution for developers to provide secured data transport in embedded devices such as switches, routers, access points and modems, as well as medical equipment, industrial sensors, smart grid devices, camcorders and other devices that comprise the Internet of Things.
Available immediately for all major Linux platforms, pricing for NorthStar begins with a low volume subscription at $350 per server annually, with volume price discounts available. The company also is offering an option for an unlimited deployment for a three-year term. Licensed customers receive source code and precompiled binaries with per-server perpetual or subscription licensing.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
