I don't put a lot of effort into this page, as I want to encourage source availability for security libraries. Source availability means that anyone, customer or not, can see the unobfuscated source code to the library. That allows anyone to look for security flaws, and encourage them to be fixed. Given how hard security design is, not allowing anyone to see the source is irresponsible. I'm a fan of open source, but see source availability as a fine middle ground for a company that wants to make money off its work.

IAIK offers a family of libraries (IAIK-JCE for Java crypto, IAIK-iSaSiLk for SSL, and IAIK-S/MIME for S/Mime). Source is available at a standard price, which is better than no source, but not where they should be.

The other libraries on this list do not offer a standard price for source access.

If you know of a library that should be here, let me know.