🟦 Large Businesses Election for the OpenSSL Corporation TAC
Election Committee
Public
Seen by 66
The OpenSSL Corporation invites each participating large businesses' official delegate to vote in the selection of the Large Businesses Representative for the Technical Advisory Committee (TAC).
The TAC strengthens our technical governance by ensuring that OpenSSL’s development priorities and technical directions reflect the needs, insights, and expertise of the broader community, in alignment with the OpenSSL Mission.
Voting Details:
Each designated delegate is authorised to cast one vote on behalf of their organisation.
Voting is open until May 11 at 12:00 UTC.
Delegates may update or change their selection at any point until the voting period closes.
The results will be visible after the election is closed.
Your participation is critical in shaping the future technical leadership of OpenSSL Project.
Poll Created Mon 28 Apr 2025 12:01PM
Corporation TAC Large Businesses' Election Closed Sun 11 May 2025 12:00PM
Thank you to everyone who participated in the recent election. Craig Lorentzen has been elected to a Large Businesses seat in the OpenSSL Corporation TAC. We encourage community members to engage with Craig in their new role as representative for your community.
The formation of the TAC is an important part of the OpenSSL Project community engagement changes we initiated in early 2024.
Congratulations to Craig!
Results
| Results | Option | % of points | Voters | |||
|---|---|---|---|---|---|---|
|
|
Craig Lorentzen | 55.6% | 5 |
|
||
|
|
Dmitry Belyavskiy | 44.4% | 4 |
|
||
| None of the above | 0% | 0 | ||||
| Undecided | 0% | 33 |
|
9 of 42 people have participated (21%)
Election Committee Mon 28 Apr 2025 12:03PM
Nominee: Craig Lorentzen, Amazon
Statement
As a security engineer with two decades of experience, Craig brings technical depth and practical expertise to the advisory committee. In his current role at Amazon Web Services (AWS), he serves as a trusted security advisor to development teams addressing complex challenges around performance, compliance, and security at massive scale. He provides critical guidance on integrating OpenSSL across AWS’ service portfolio protecting millions of customers globally.
Craig's extensive background bridging both defensive and offensive security, coupled with hands-on experience supporting the world’s most comprehensive and broadly adopted cloud, enables him to represent the crucial perspective of enterprise organizations while understanding the technical challenges faced by the broader security community. His mastery across the security spectrum from infrastructure to offensive security is confirmed by attained credentials including the Security CCIE (2012), ISC2 CISSP and CSA CCSK (2015), SANS GXPN and OSCP (2020). His collaborative approach and proven track record make him an ideal candidate to help shape the future direction of this important initiative.
Election Committee · Mon 28 Apr 2025 12:02PM
Nominee: Dmitry Belyavskiy, Red Hat
Statement
have 20+ years of experience with OpenSSL development, have been a Committer since 2019 and a member of the OpenSSL Technical Committee since 2021. I am an OpenSSL maintainer in RHEL, CentOS, and Fedora Linux distributions. My last major contribution to OpenSSL was the introduction of opaque objects for dealing with non-extractable symmetric keys (EVP_SKEY).
My main interest in OpenSSL development is its pluggability. As much extending the functionality as possible should be doable via the providers mechanism. I also think that we need to provide more handles for extending system-wide and application-wide configuration of OpenSSL as a framework.
I believe that something like maintainer's club should be established. This club could also participate in decisions about feature branches and be involved in the CVE process.
I think that we currently don't have enough people to review the PRs. I think we should add the role of reviewers to the role of committers. I believe that the distribution's representatives and the representatives of major companies having their forks should be granted the status of reviewers.
I think that for better communication with various communities OpenSSL, both Corporation and Foundation, should introduce the practice of Open Hours.