OpenSSL

Cryptography and SSL/TLS Toolkit

Sponsorship Policy

Purpose

The purpose of the Sponsorship Policy (The Policy) is to outline the principles and behaviours adopted by OpenSSL when receiving or providing sponsorship.

The Policy will ensure that only appropriate sponsorship is received or provided by OpenSSL, i.e. that sponsorship aligns with OpenSSL’s Mission and Values, community expectations and meets legal requirements.

Scope

The policy applies to all organisations, individuals and entities that provide sponsorship to OpenSSL and to any organisation, individual or entity that OpenSSL sponsors.

The Policy establishes a framework by which new and renewing sponsorships are assessed, formalised, managed, and measured for both the sponsorship of OpenSSL and any sponsorship that OpenSSL may provide.

Principles

Definition

Sponsorship is the provision of support to an organisation, individual or entity from an external source, it can take many forms including but not limited to, financial assistance, preferential treatment, free products, resources or beneficial “in kind” arrangements.

Authorised Approver is a person authorised by the OMC to assess and make decisions regarding receiving sponsorship.

Levels of Sponsorship provided to OpenSSL

Details of Sponsorship options are located on OpenSSL’s Sponsorship webpage.

Sponsorship Decisions

Only the OMC or Authorised Approver can, in line with The Policy, decide whether to accept sponsorship. Only the OMC, in line with The Policy, can approve the provision of sponsorship.

Sponsorship provided via GitHub Sponsors in part or in whole, is deemed to be accepted sponsorship by the OMC.

Sponsorship assessment

OpenSSL Receiving Sponsorship

The OMC or Authorised Approver, will assess each offer to provide sponsorship, except where provided via GitHub Sponsors, under the following criteria: * whether it aligns with OpenSSL’s Mission and values; * whether sponsorship supports the achievement of OpenSSL’s goals, objectives and priorities; * whether it does not cause a conflict of interest, or regulatory or legal infringement; * whether it complies with OpenSSL’s Code of Conduct Policy; * whether it damages OpenSSL’s reputation.

Where a sponsorship is reported to the OMC as a potential inappropriate sponsor the above criteria will be used to assess that sponsorship.

Recording Sponsorship of OpenSSL

  • For Sponsorship made via GitHub Sponsors, <$400/month and one-off payments, the information provided via GitHub Sponsors registration process is deemed sufficient record of the sponsorship provided.

  • For Sponsorship at Platinum Level or above, a Sponsorship Agreement, should be entered into. It should clearly set out:

    • the rights and obligations between both parties;
    • clearly confirm any commitments made to each other;
    • include Term of Sponsorship, any exclusivity requirements, payment requirements, agreed benefits, and termination of agreement details.
  • For all Sponsorship, at Bronze Level or above, (including GitHub Sponsors $400/month or above) the sponsorship must be documented and recorded in an appropriate system so that it can be identified and managed.

Details to be recorded in this system are:

  • Name of organisation, individual or entity providing sponsorship;

  • Duration of sponsorship arrangement, including start and end dates (where applicable);

  • Value of sponsorship in $US and local currency (where applicable);

  • Details of what is being supplied under the sponsorship e.g. financial aid, resources etc;

  • Any conditions that apply to the sponsorship;

  • Whether permission to display logos, company details and links to their websites has been provided;

  • Contact details for the organisation, Individual or Entity.

  • Acknowledgement of Sponsors on OpenSSL’s website, including logos, company details and links to external websites will only ocurr with express permission of the sponsoring organisation, individual or entity. At the end of the sponsorship period, where sponsorship is not renewed, acknowledgements will be removed from the OpenSSL website.

  • For sponsors on GitHub Sponsors that have elected to be public, it is deemed that they have provided express permission for such acknowledgement as provided by GitHub Sponsors and to receiving direct contact from OpenSSL.

OpenSSL Providing Sponsorship

Below sets out how OpenSSL will assess requests to provide sponsorship.

The OMC will assess each application for sponsorship, under the following criteria:

  • Does sponsoring support OpenSSL’s Mission and Values, it’s goals, objectives and priorities;
  • Could sponsoring be perceived as a conflict of interest, or impartial;
  • Does sponsoring breach any legal or regulatory requirements;
  • Will sponsoring damage OpenSSL’s reputation;
  • What is the financial implication of sponsoring to OpenSSL;
  • What are the benefits of sponsoring this organisation, individual or entity;
  • Does sponsoring further Open Source principles.

Where a sponsorship is reported to the OMC as potentially inappropriate the above criteria will be used to assess that sponsorship.

Recording Sponsorship provided by OpenSSL

All sponsorship arrangements with organisations, individuals or entities that OpenSSL sponsors must be documented and recorded in an appropriate system so that it can be identified and managed.

Details to be recorded in this system are:

  • Name of organisation, individual or entity being sponsored;
  • Duration of sponsorship arrangement, including start and end dates;
  • Value of sponsorship in $US and local currency (where applicable);
  • Details of what is being supplied under the sponsorship e.g. financial aid, resources etc;
  • Any conditions that apply to the sponsorship;
  • Contact details for the organisation, individual or entity;
  • Reason for approving sponsorship.