As part of our ongoing journey, OpenSSL is evolving to provide more opportunities for engagement that more effectively align with our mission statement and promote our values. OpenSSL is implementing various mechanisms to foster greater community involvement and enable our communities to play a key and active role in the decision-making process.

New Governance Framework

OpenSSL has two independent, co-equal organizations to support the OpenSSL Mission:

• The OpenSSL Foundation primarily focuses on non-commercial communities.
• The OpenSSL Corporation primarily focuses on commercial communities.

This balanced approach ensures that both entities can operate independently and make decisions autonomously.

The OpenSSL Library is just one of the projects that adheres to the OpenSSL Mission.

Board of Directors

The OpenSSL Management Committee (OMC) has been dissolved, and two boards of directors have been elected for the Foundation and the Corporation. Each organization has ten voting members. These boards share all the responsibilities and authorities of the former OMC co-equally.

Community Advisory Committees

To further engage our communities, we are establishing two advisory committees for each entity: a Business Advisory Committee (BAC) and a Technical Advisory Committee (TAC). The communities will elect the members of the BACs and TACs, creating a direct channel for community input in roadmap development and reflecting the diverse perspectives of OpenSSL’s communities.

New Projects under the OpenSSL Mission

Bouncy Castle and cryptlib are two existing established projects that have adopted the OpenSSL Mission and Values. Adherence to the mission and values is mandatory for all existing and future projects. Support from the Foundation and the Corporation is available for all projects under the OpenSSL Mission on an opt-in (voluntary) basis.

Collaboration between the OpenSSL Library, Bouncy Castle and cryptlib is beneficial to all our communities by encouraging innovation, improving security standards, and addressing common challenges more effectively.

Bouncy Castle

Bouncy Castle provides open-source cryptographic APIs for Java and C#. Established over 20 years ago, it offers FIPS-certified solutions, long-term support releases, and quantum-ready cryptographic support. The project’s extensive documentation, robust security features, and active community engagement make it a trusted resource in the cryptography domain. Their products are widely used, with millions of downloads monthly, ensuring secure and reliable cryptographic implementations for developers globally.

For more information, visit Bouncy Castle.

cryptlib

cryptlib is a comprehensive security software development toolkit that integrates world-class encryption services into applications. It supports a broad range of security protocols including: SSL, TLS, SSH, S/MIME, and PGP. Highly portable, cryptlib runs on various hardware platforms and operating systems, making it suitable for embedded systems. With over two decades of proven reliability, cryptlib simplifies security implementation by offering a single API for developers, enhancing both efficiency and cost-effectiveness.

For more details, visit cryptlib.

Timeline and Future Plan

• Business Advisory Committees for both entities will be established at the end of October 2024.
• Technical Advisory Committees will be established by the end of April 2025.
• The OpenSSL Technical Committee will be dissolved after establishing all the Business and Technical Advisory Committees.
• An OpenSSL user conference will be held in Europe in the last quarter of 2025.

This new governance model increases community involvement, motivates the communities to play an active and essential part, and provides more opportunities and mechanisms to participate in decision-making processes in the OpenSSL Mission.

Stay tuned for further information.

If you have any questions or comments contact us at marcom@openssl.org.