Governance and structure

Board of Directors

As specified in the by-laws, activities of the OpenSSL Foundation are supervised by a board of directors elected from among the members. The Board of Directors elects the officer roles (President, Secretary, Treasurer). The current Board of Directors are (in alphabetical order):

Name Email Locale Role
Matt Caswell matt@openssl.org GB President
Richard Levitte levitte@openssl.org SE Secretary
Tomas Mraz tomas@openssl.org CZ Treasurer

Members

The current Members are (in alphabetical order):

Name Locale
Anton Arapov CZ
Denis Gauthier AU
Hugo Landau GB
Kurt Roeckx BE
Mark Cox GB
Matt Caswell GB
Richard Levitte SE
Tim Hudson AU
Tomas Mraz CZ
Tim Chevalier US

The members are responsible for electing the Board of Directors.

Committees

The OpenSSL Foundation has two advisory bodies which are critical in enhancing our governance structure, ensuring that the decisions reflect the diverse stakeholders involved and that our Mission and Values stay aligned with the communities’ needs.

For more information about the definition of our communities and the function of the Advisory Committees refer to the OpenSSL Communities website.

BAC_and_TAC_Diagram

Business Advisory Committee (BAC)

Academics – Nicola Tuveri (Tampere University)

A Researcher at Tampere University (Finland), I contributed to OpenSSL for the first time in 2010, later I had the honor of becoming an OpenSSL Committer and I have been serving in the OpenSSL Technical Committee since 2019. My research specializes in software and micro architecture side-channel analysis and the integration of modern cryptosystems (lately mainly PQC) in mainstream libraries such as OpenSSL. If elected as a BAC representative for the Academic Community in the [OpenSSL Foundation], I aim to help bring the perspectives of the members of our community into the strategic planning of the new governance structure for the project.*

Committers – Paul Dale (Oracle)

I have almost a decade of experience working closely with and for the OpenSSL project, including five years as an OMC member and seven years as a committer and as an OTC member. I have spent thirty-five years working for businesses from start ups to large multinational corporations on a wide range of security applications, which has afforded me knowledge, acumen and insight into the business requirements and priorities of the project and its community. I understand the nature of the funding model and I am a primary developer responsible for several of its key components. Given my background, I’m confident that I can facilitate nuanced input that represents the consensus of the committer community to inform the decisions and direction of the project via a BAC role.*

Distributions – Dmitry Belyavsky (Red Hat)

Dmitry Belyavsky has been an active participant in the OpenSSL Technical Committee over the past year, demonstrating excellent technical understanding of the [OpenSSL library]. His arguments are consistently well-reasoned and supported by data. Additionally, his role within a corporation that extensively uses OpenSSL provides him with valuable insight, combining technical expertise with a business perspective. This combination makes him a strong candidate to help guide the project’s future in the industry.

Individuals – Randall Becker

I have been the community maintainer for the NonStop port of OpenSSL since 1.0.2. My participation in Open Source goes back to the early 1990s, when I was involved in porting NFS, RPC, and other smaller components to the NonStop platform. I started in the industry in 1979. My contribution for BAC of the [Foundation] or the [Corporation] is to provide perspectives and experience from exotic platforms to the OpenSSL team. I have served on the boards of directors of two companies (one as chair) and the Richmond Hill Board of Trade (director and chair). I also have extensive experience with Roberts New Rules of Order.

Large Businesses – Tim Chevalier (NetApp)

Principal Engineer with NetApp (~20 years) primarily with security/crypto functionality for the ONTAP operating system. I’ve been an OpenSSL “user” for 25+ years and was a participant in the OpenSSL FIPS Provider Design Meetings in Brisbane and Edinburgh. I’ve led each of NetApp’s FIPS validations for our OpenSSL FIPS Provider variant. I have a special interest in helping to ensure that OpenSSL continues to maintain the code quality, crypto functionality and feature sets needed by the financial, health, and public sector business communities.

Small Businesses – no election held

No election was held, and the seat remains vacant

Technical Advisory Committees (TAC)

Academics – Nicola Tuveri (Tampere University)

A Researcher at Tampere University (Finland), I contributed to OpenSSL for the first time in 2010, later I had the honor of becoming an OpenSSL Committer and I have been serving in the OpenSSL Technical Committee since 2019. I have also been serving the Academic Community as a representative in the OpenSSL Foundation BAC.

My research specializes in software and micro architecture side-channel analysis and the integration of modern cryptosystems (lately mainly PQC) in mainstream libraries such as OpenSSL.

Committers – Dmitry Belyavskiy

I have 20+ years of experience with OpenSSL development, have been a Committer since 2019 and a member of the OpenSSL Technical Committee since 2021. I am an OpenSSL maintainer in RHEL, CentOS, and Fedora Linux distributions. My last major contribution to OpenSSL was the introduction of opaque objects for dealing with non-extractable symmetric keys (EVP_SKEY).

My main interest in OpenSSL development is its pluggability. As much extending the functionality as possible should be doable via the providers mechanism. I also think that we need to provide more handles for extending system-wide and application-wide configuration of OpenSSL as a framework.

I believe that something like maintainer’s club should be established. This club could also participate in decisions about feature branches and be involved in the CVE process.

I think that we currently don’t have enough people to review the PRs. I think we should add the role of reviewers to the role of committers. I believe that the distribution’s representatives and the representatives of major companies having their forks should be granted the status of reviewers.

I think that for better communication with various communities OpenSSL, both Corporation and Foundation, should introduce the practice of Open Hours.

Distributions – [vacant]

No election was held, and the seat remains vacant

Individuals – Igor Ustinov

I have been involved with OpenSSL since 2006, with a focus on the integration of national cryptographic algorithms. This is a fairly niche area, so I’ve learned firsthand that different users value different aspects of OpenSSL—what’s essential for one may not even occur to another. In a community of individuals, such diversity of needs and perspectives is likely to be especially broad. I believe it’s important to build an open and inclusive environment for discussion, where every voice is heard and every use case is considered.

Large Businesses – Barry Fussell (Cisco)

I’ve worked with forks of OpenSSL for 14 years. During that time, I’ve lead Cisco’s development of crypto and TLS features as well as FIPS and Common Criteria enhancements. As part of our Common Security Modules Team, we support dozens of Cisco product teams that use our OpenSSL fork. I am a current member of OpenSSL’s large corporation community. I’ve also been heavily involved in the creation of ACVP and AMVP automation working closely with NIST and NCCoE. Using that community development experience and my knowledge base from Cisco, working with a set of very diverse teams, provides an understanding of the technical interests as well as hurdles encountered by a large corporation environment. I believe that will be beneficial to the community and technical advisory team.

Small Businesses – Aditya Koranga (CORAN Labs)

Aditya Koranga is a leading expert in Post-Quantum Cryptography (PQC), Telco Security, and cloud-native technologies, currently serving as the Vice Chair of Post Quantum Cryptography Alliance(PQCA)’s TAC & Chief Security Architect at CORAN LABS, playing a pivotal role in designing and implementing various cryptographic suites and frameworks.

Aditya’s expertise spans a range of open-source projects, including OpenSSL, liboqs, cuPQC, Bouncy Castle, StrongSwan, etc. Along with that he has also led open-source communities such as ngKore and Magma India.

Aditya also focuses on the optimization of cryptographic algorithms for example in KEM algorithms: modifying distribution methods, noise sampling, and NTT reduction schemes. He has worked on cryptographic benchmarking, hardware/software crypto acceleration, and authored several technical blogs, white papers, technical reports, deployment videos on several cryptographic tools including OpenSSL and has patents in Post Quantum security.

Beyond his technical expertise, Aditya is a writer, a poet, and a rapper(sometimes, on the weekends) who enjoys reading RFCs before going to bed.

“As a TAC member, I will drive its adaptability, ensuring cryptographic solutions are effectively used and integrated into real-world applications. My focus will be on expanding contributions, fostering collaborations, and bringing more impactful individuals under OpenSSL. Beyond development, I believe in the right alignment between innovation and marketing and will work to unify the community, and ensure transparency so we can move forward together. I will also support the community in executing the OpenSSL Foundation and the OpenSSL Corporation vision, helping wherever needed to strengthen our collective mission."

OpenSSL Communities

We invite you to join the OpenSSL Communities website and take advantage of the opportunity to make your voice heard. You’re also welcome to reach out to us in other places where we are present, such as Github, or by email.

Register as a Community Member on the [OpenSSL Communities] website.

To become a member of the Advisory Committee:

  • Go to the OpenSSL Communities website and click “SIGN IN“.
  • Create your account by entering your email address and clicking “CONTINUE WITH EMAIL“.
Create Account or Sign In
  • Fill in your name and surname and click “CREATE ACCOUNT“.
Input Name
  • Enter the code from your email address and click “SIGN IN“.
  • Choose the community or communities you associate with and want to represent and click “JOIN GROUP“.
Join Group
  • Please specify why you want to join each community you wish to participate in.
Why Join Group
  • You will receive a notification once the administrators approve your request.

If you have any questions or need assistance, please contact us at communities@openssl.org.

By-Laws

The By-Laws of the Foundation are in the process of being updated.

2024 Amended By-Laws.