Nominee: Jeff Johnson

Statement

I would like to nominate myself to represent the large business community in the Corporate BAC.  I have long believed the work that OpenSSL does is critical in securing the world's communications and data. This, of course, is fundamental in securing every individuals right to privacy. Within the context of my position at Cisco, I have been fortunate to work with OpenSSL and other open source initiatives such as Open Quantum Safe (OQS). This work has taken many forms; research funding, in-kind engineering resources and sponsoring. I strongly believe in a corporation's responsibility to protect customer's (ultimately all individual's) right to privacy and a great way to ensure this right is to work with critical broadly adopted open source initiatives. I am fortunate that in my position at Cisco my team enables these same principles in software deployed across the portfolio, thereby affecting millions of individuals across the globe. My professional passion is that; making these principles a reality in products and systems used by real people around the globe. I look forward to assisting OpenSSL in their endeavors to engage with the corporate community.

During my 25 years at Cisco, my position as a leader in delivering common security modules across the Cisco portfolio, has exposed my team to 100’s of CIsco products and services (if not 1000’s).  As such, my team is at the forefront of customer requests and issues.  My team has firsthand knowledge of requests for new technologies and capabilities.  

Additionally my team is responsible for delivering security software that is capable of being integrated into these products that enable global certifications (FIPS, Common Criteria, etc).   In this last case, my team is heavily involved with NIST via NCCoE to advance the automation of FIPS certifications (ACVP and AMVP). 

Given all this, what would I want to do in this position?  It’s simple really.   Help build a relational community where others can share their voices to advance a common goal.   A community where disagreement is considered diversity of thought and isn’t avoided. A community dedicated to the success of open source and in particular OpenSSL.    This journey isn’t particularly easy but as my father told me, “nothing worthwhile is easy.”  🙂

In my position at Cisco I am encouraged by my leadership, to further Cisco's relationships with open source initiatives. My leadership is fully supportive of my commitment and participation in such endeavors (such as Linux Foundation PQCA), both in time and travel. (if a further written commitment is needed from my leadership I can get that)

(On a personal note, I really want to improve the relationships and communication between open source initiatives and corporations such as Cisco. I feel like these relationships can be needlessly adversarial at times. I honestly believe the relationships could be and should be mutually beneficial, especially considering the outcomes both desire. Cisco has stated that an individual right to privacy is a fundamental and universal right shared by everyone across the globe. I believe that's where a better relationship can start.... by understanding our common and core values and working together for the benefit of everyone.)

Nominee: Dr. Yi Ouyang

Statement

I am Dr. Yi Ouyang, currently serving as the Director of Software Development at Oracle, where I lead the Oracle Crypto Foundation team. My team is responsible for managing network security, data encryption, and authentication technologies. 

I earned my Ph.D. in Computer Science from Dartmouth College, New Hampshire, USA in 2008. My academic research focused on encryption key management, data protection, and privacy in sensor networks, with several publications in prestigious international conferences. Since joining Oracle, I have played a key role in the development of various security products and features.

OpenSSL 3.x has seen increased adoption across enterprises and large organizations due to its robust implementation, pluggable architecture, superior performance, and support for FIPS. As enterprise solutions often face diverse customer requirements and that too under the most demanding operational conditions, they serve as ideal proxies for real-world use cases, extending the reach of OpenSSL into various mission-critical applications worldwide.

Oracle databases are used by hundreds of thousands of enterprises globally, powering some of the most sensitive and high-demand workloads. In alignment with industry standards and enterprise needs, Oracle has adopted OpenSSL 3.x as the cryptographic library for its database and related products. As the leader of the integration effort for OpenSSL within Oracle's database systems, I am uniquely positioned to bring real-world deployment insights and usage requirements to the OpenSSL community.

In today’s rapidly advancing GenAI landscape, the need for a cryptographic framework that is 100% reliable, secure, and resilient under all conditions is paramount. As a member of the OpenSSL Corporation Business Advisory Committee (BAC), I would contribute my expertise to help guide and prioritize the most critical enterprise requirements. This includes shaping the future direction of OpenSSL to meet the demands for functionality, security, performance, reliability, and extensibility. Together, we can ensure OpenSSL remains as #1 cryptographic tool worldwide.

Given my deep involvement in enterprise-level security and OpenSSL integration, I am honored to nominate myself for a position on the OpenSSL Corporation Business Advisory Committee. I am committed to leveraging my knowledge and experience to help OpenSSL meet the evolving needs of the global enterprise community.

Nominee: Holger Dengler

Statement

OpenSSL is actively supported and maintained for IBM platforms. As an opensource developer and focal point for the community-maintained platform Linux on IBM System z (s390x), I'm actively involved in the development of the OpenSSL project. In cooperation with my colleagues maintaining the other IBM platforms, I will represent the requirements of all community-maintained platforms of IBM in the Business Advisory Committee. In this role I'll also interlock with other IBM groups, like Research or Software and Hardware Product development.

Representing all actively maintained platforms of IBM also means, that I also represent a large number of customers, which rely on OpenSSL as an essential part of their security solutions.

Last but not least, I certainly will also represent IBM's cryptography strategy which currently includes support of quantum-safe cryptography and hardware-protected key concepts (e.g. HSM).

Nominee: Tim Chevalier

Statement

Principal Engineer with NetApp (~20 years) primarily with security/crypto functionality for the ONTAP operating system. I've been an OpenSSL "user" for 25+ years and was a participant in the OpenSSL FIPS Provider Design Meetings in Brisbane and Edinburgh. I've led each of NetApp's FIPS validations for our OpenSSL FIPS Provider variant. I have a special interest in helping to ensure that OpenSSL continues to maintain the code quality, crypto functionality and feature sets needed by the financial, health, and public sector business communities.

Can you elaborate on the anonymity of the vote as represented by the information bubble, it seems at odds with your stated intent to count votes per business.

@Simo Sorce Appointing voting representatives in coordination with businesses is a time-intensive process. Since we were unable to finalize these appointments in time, we decided that the @Election Committee would temporarily assume the responsibility of aggregating votes.

While this involves disclosing votes to the @Election Committee, we have ensured that voter privacy is strictly maintained, as ballots remain anonymous to everyone else.

We are committed to upholding full anonymity for secret ballots in future elections.

Anton Arapov, Election Committee

Hi! Posting here because we did have still not gotten a response to the email we sent the OpenSSL folks yesterday:
We are concerned to see that the election for the large business delegate to the Corporation BAC is missing the candidate nominated by Amazon Web Services.

In this thread[0] (which I assume is only visible to the Election Committee), I nominated Panos Kampanakis to the committee. We never heard back with any confirmation or questions about this nomination. I was surprised about this and asked a question during the first of the two webinars and was told that no reach-out to any candidate had yet happened. We therefore assumed everything was on track, and were surprised when the poll launched without Panos (or a statement of why his nomination was not accepted).

I emailed OpenSSL yesterday morning, but have not received any response.

Can someone please explain why our candidate was not included?

Benjamin Seidenberg

Principal Engineer, AWS Cryptography

[0 ] https://openssl-communities.org/d/WcTtmOnY/panos-kampanakis-principal-security-engineer-amazon-web-services

@Benjamin Apologies for the inconvenience. Let’s address this promptly. I’ve just sent you an email on this matter and am available to assist in locating the nomination. We did not receive it and have been diligent in informing every nominee about the process.

I believe we’re still within the timeline, and I will notify the community about the additional candidate, giving them the opportunity to update their votes if they wish.

Is there a candidate statement for Panos available? I don't see it where I see the other candidates