Meeting Minutes: Board and BAC Monthly (2025-05-26)

Below are the minutes from the Business Advisory Committee and community engagement strategy meeting. All attendees and stakeholders are encouraged to review these notes and contribute to the ongoing discussions. This is an opportunity to shape the future of OpenSSL by offering feedback and supporting outreach initiatives.

Attendees

@Anton Arapov, @James Bourne, @Jaroslav Reznik, @Katerina Micova, @Paul Dale, @Randall Becker, @Tim Hudson
Absent: @Billy Brumley, @Jeff Johnson

Agenda

1. Community participation statistics and feedback generation

2. Challenges in engaging regulated industries and corporate partners

3. Concerns about hosting platforms and repository control

4. Post-quantum cryptography (PQC) adoption and planning for 3.6

5. Outreach strategies, webinars, and sector-specific liaisons

Key Points

• Anton presented data showing approximately 20% participation in community threads, a strong signal of engagement compared to typical open communities.

• Paul and Randall expressed that while these numbers are positive, the activity may be concentrated among a small group of committed users.

• Tim highlighted that the users engaged via OpenSSL Communities differ from long-term GitHub contributors, adding nuance to engagement metrics.

• Randall shared barriers to participation from financial sector stakeholders, such as restrictions on using corporate identities in public forums.

• Sales interest exists in cryptographic advancements like PQC, but product knowledge gaps hinder communication with technical teams.

• Tim and Paul emphasized that the push toward PQC adoption will likely come from significant external events or mandates - not gradual education.

• Randall predicted that a major cryptographic breach would do more to drive change than policy or documentation.

• Webinars and direct product-team outreach were discussed as practical strategies to bypass corporate participation limitations.

Community and Technical Engagement

• Paul voiced concerns about relying solely on GitHub due to geopolitical risks and proposed evaluating alternative hosting options.

• Alternatives like GitLab CE and Bitbucket were mentioned, though many are still U.S.-based; a self-hosted solution was acknowledged as viable.

• Tim proposed polling the community on preferred repository platforms to gauge potential transition feasibility.

• Discussion on introducing industry liaisons to strengthen communication with finance, healthcare, and government sectors received broad support.

Future Releases and Quantum Transition

• Discussion covered OpenSSL 3.6 and 4.0 roadmaps, with a focus on integrating PQC readiness.

• Randall noted that financial customers are hesitant to abandon RSA 2048-bit key due to infrastructure inertia and lack of urgency.

• Paul and Tim agreed that security shifts will likely be regulation-driven or event-triggered, rather than voluntary.

• References shared included NIST and NSA migration plans, and Gartner projections regarding quantum timelines.

Upcoming Actions

• Members were encouraged to propose discussion items to their communities in preparation for the next BAC session.

• Anton will distribute presentation materials and minutes from the last BAC meeting in Brno for further distribution and archival.

• Paul committed to drafting a proposal addressing concerns about GitHub reliance for review and discussion.

• Randall will evaluate internal options to support a webinar, aligning with product management and sales.

• James provided brief updates on relevant cybersecurity events and speaking opportunities.

Future Meetings and Events

• The next BAC meeting will incorporate feedback collected from advisory members outreach.

• A more formal engagement model will be piloted, including possible webinars and thematic focus sessions.

• Liaison roles will be further developed to connect OpenSSL to specific industry verticals and their needs.

• Community polling and participation metrics will inform decisions on repository migration, outreach platforms, and messaging.

Action Items

• Anton → Share minutes and slide materials from the last BAC meeting in Brno with all participants by next week.

• Paul → Draft GitHub hosting concerns memo and circulate for internal and external comment.

• Randall → Coordinate feasibility of webinars and consult with internal sales teams.

• Tim → Lead post-meeting feedback collection and contribute to planning future community engagement.

• James → Identify and report OpenSSL presentation opportunities at relevant conferences.

• Jaroslav → Maintain engagement in community discussions and support follow-up feedback.