Agenda for March, 2026 meeting

In the last meeting, Matt asked for suggestions for NCSU Practicum, can we encourage students to work on finding a practical solution on how to test the new code against lots of no-* build combinations, which is not feasible right at the moment (ref: https://openssl-communities.org/d/hT3LIM4H/comment/1153). A CI pipeline check is possible (after some changes) however, contributors can't run those tests locally. So maybe a tool around this maybe feasible.

Claude has recently released code review agent (https://claude.com/blog/code-review) to check PRs and in the last meet, I recall there is some collaboration/partnership where AISLE Security will be checking the Openssl PRs for the security vulnerabilities. Right now, openssl has around 400 PRs open and with AI advancement, there are more AI based code in recent PRs. Maybe Openssl can use this claude agent for PR code review and detect AI slop and can help maintainers reduce the PR count to some extent. Right now, this is on beta testing so I am not sure how much this can help, but can have a discussion on this.

Last month, Aditya and me were working on a benchmark between jostle and bouncy castle and results are quite in favor of jostle. Putting it here to bring light on it - https://ngkore.github.io/jostle-bc-crypto-benchmarking/.

This is of my personal interest, some of you might heard of CBOMkit by LF PQCA and recently, there are work going on to extend the support to other langauges and libraries. It has support for java and python and recently there is merge regarding support for golang and lib support for standard crypto lib and golang.org/x/crypto lib. I am working on the support for c/c++ language and working on supporting openssl as the first lib. I am pretty much done with it (for the language support) and partially added support for openssl 3.6(https://github.com/chmodshubham/pqca-sonar-cryptography/tree/cpp-support). Just putting it here for discussion in todays meeting.