License with Certicom’s Security Builder Solutions Will Help Ensure FIPS 140-2 and Suite B Compliance

MISSISSAUGA, Ontario – (July 21, 2008) Certicom (TSX: CIC), an industry leader in elliptic curve cryptography (ECC) security, announced today that Tumbleweed Communications Corp. (NASDAQ:TMWD), an industry leader in managed file transfer, email security, and identity validation, will use Certicom’s Security Builder® family of solutions. Licensing Certicom’s ECC technology provides one of the highest standards of encryption for customers and will help Tumbleweed streamline future Federal Industry Protections Standards (FIPS) 140-2 and Suite B compliance efforts.

In 2007, Tumbleweed received 140-2 Level 1 certification, the benchmark standard for government agency data security, for the security kernel used in its suite of products. The license with Certicom will help expedite subsequent certification efforts through one vendor. The first Tumbleweed products to integrate the libraries that support ECC are Secure Messenger™ for email encryption and MailGate® for inbound and outbound email security. 

“By enlisting Certicom’s ECC technology, Tumbleweed is reconfirming its commitment to providing the strongest encryption and authentication capabilities that the military, federal, local and state government agencies need to maintain a secure online communications channel,” said Taher Elgamal, Chief Technology Officer of Tumbleweed Communications Corp. “In addition, working with a single, best-in-class crypto platform will help streamline future FIPS accreditation efforts – and that is exceptionally valuable.”

FIPS 140-2 is the security requirement for cryptographic modules as defined by the National Institute of Standards for Technology (NIST). The standard is required for sale of products implementing cryptography to the Federal Government. Companies who lack a FIPS 140-2 validation and are unable to prove that such a validation is in the process of being obtained will not be able to access the government market with its products.

Suite B is the set of cryptographic algorithms recommended by the National Security Agency (NSA) to secure classified and unclassified communications. In 2005, the NSA recommended ECC as the public key crypto system to protect government communications. Known as Suite B, these recommendations are part of an initiative to upgrade the security infrastructure of government communications to meet present and future security needs. ECC is used in a growing number of sectors ranging from networking, consumer electronics, wireless devices and semiconductors to government and financial services. 

“Certicom is proud to add Tumbleweed Communications to our growing portfolio of customers,” said Karna Gupta, CEO of Certicom. “Our NSA-approved technology is amongst the highest quality in the industry, and leading companies like Tumbleweed are increasingly turning to us as a best-in-class security partner.” 

Tumbleweed cautions that forward-looking statements contained in this press release are based on plans and expectations as of the date of the press release, and that a number of factors could cause the actual results to differ materially from the guidance given at this time. These factors are described in the Safe Harbor statement below.
Except for the historical information contained herein, the matters discussed in this press release may constitute forward-looking statements that involve risks and uncertainties that could cause actual results to differ materially from those projected, particularly with respect to FIPS certification of Tumbleweed products, as well Tumbleweed’s continued use of Certicom solutions. In some cases, forward-looking statements can be identified by terminology such as “may,” “will,” “should,” “potential,” “continue,” “expects,” “anticipates,” “intends,” “plans,” “believes,” “estimates,” and similar expressions. For further cautions about the risks of investing in Tumbleweed, we refer you to the documents Tumbleweed files from time to time with the Securities and Exchange Commission, particularly Tumbleweed’s Form 10-K filed March 17, 2008 and Tumbleweed’s Form 10-Q filed May 12, 2008.
Tumbleweed assumes no obligation to update information contained in this press release. Although this release may remain available on Tumbleweed’s website or elsewhere, its continued availability does not indicate that Tumbleweed is reaffirming or confirming any of the information contained herein.

About Tumbleweed 
Tumbleweed Communications Corp. (NASDAQ:TMWD), an industry leader in managed file transfer, email security and identity validation, provides enterprise-class solutions to organizations of all sizes. Tumbleweed’s innovative products enable organizations to effectively manage and protect business-critical Internet communications, with capabilities that span secure file transfer, encryption, data loss prevention, and email security. Tumbleweed has more than 3,300 customers worldwide, including blue-chip companies across an array of industries such as Technology, Retail, Finance, Healthcare, Manufacturing, Consumer Packaged Goods, Telecom, Energy, and the U.S. Government. The world’s most security conscious organizations rely upon Tumbleweed technology including Bank of America Securities, JP Morgan Chase & Co., the U.S. Food and Drug Administration, and the U.S. Department of Defense. Our award-winning products build on 15 years of R&D and 30 security patents in the U.S. alone – many of which are licensed by other security vendors. More information can be found at www.tumbleweed.com.

Tumbleweed, Secure Messenger and MailGate are trademarks or registered trademarks of Tumbleweed Communications Corp. in the United States and/or other countries. All other trademarks are the property of their respective owners. 

About Certicom
Certicom manages and protects the value of content, applications and devices with government-approved security. Adopted by the National Security Agency (NSA) for government communications, Elliptic Curve Cryptography (ECC) provides the most security per bit of any known public-key scheme. As the global leader in ECC, Certicom’s security offerings are currently licensed to hundreds of multinational technology companies, including IBM, General Dynamics, Motorola, Oracle and Research In Motion. Founded in 1985, Certicom’s corporate offices are in Mississauga, Ontario, Canada with worldwide sales and marketing headquarters in Reston, Virginia and offices in Europe and Asia. Visit www.certicom.com.

Certicom Safe Harbor Statement
Except for historical information contained herein, this news release contains forward-looking statements that involve risks and uncertainties. Forward-looking information includes information concerning Certicom's future financial performance, business strategy, plans, goals and objectives. When used in such documents, the words "plans", "expects", "budget", "scheduled", "estimates", "forecasts", "intends", "anticipates", "will", "believes" or variations of such words and phrases often, but not always, identify forward looking statements. Factors which could cause actual results or events to differ materially from current expectations include, among other things: the ability of Certicom to successfully implement its strategic initiatives and whether such strategic initiatives will yield the expected benefits; the ability of Certicom to develop, promote and protect its proprietary technology security breaches or defects in Certicom's products; competitive conditions in the businesses in which Certicom participates; changes in consumer spending; the outcome of legal proceedings as they arise; general economic conditions and normal business uncertainty; consolidation in Certicom's industry and by its customers; customer preferences towards product offerings; the risk that customers may cancel their contracts with Certicom; reliance on a limited number of customers; demand for ECC-based technology; performance of Certicom's management team and Certicom's ability to attract and retain skilled employees; operating Certicom's business profitably; fluctuations in revenue and foreign currency exchange rates; interest rate fluctuations and other changes in borrowing costs; the ability to develop and maintain strategic relationships; and other factors identified under the heading "Risk Factors" in Certicom's annual information form dated July 26, 2007 and filed on SEDAR at www.sedar.com.

For further information, please contact:

John Conrad
Merritt Group, Inc.