Cryptography and SSL/TLS Toolkit

Information Release Policy


The purpose of the Information Release Policy (The Policy) is to outline the principles adopted by OpenSSL in the release of information. OpenSSL is committed to transparency and open access to information and will publish as much information as possible while having due regard to our obligation to respect and maintain confidential, commercially valuable and personal information. This policy establishes that a decision to release information is at OpenSSL’s discretion.


The Policy provides guidance as to how OpenSSL will determine whether to release information. This policy does not deal with information requests where OpenSSL is required by law to release that information, though it refers to the circumstances in which such disclosures might be made.


Release of information will be considered where: * there are no adverse effects to OpenSSL or any third parties as a result of disclosing the information. * the release of the information will not concern any third parties;

In any assessment of whether information will be released OpenSSL will consider: * who is requesting the information; * the purpose for which the information is being requested; * if releasing the information complies with legislation dealing with privacy, secrecy, consent, commercial in confidence and access to freedom of information. * whether the information is suitable and appropriate to be released: * fit for purpose. Fit for purpose refers to the closeness of correspondence between the characteristics of the information provided and its intended purpose. Poor fit means that the information is unlikely to meet the needs of those requesting the information. * is a suitable quality for use; * is accurate and complete; * is reliable or whether it is subject to further change (outside of regular reviews). * resource availability. Information release requests can involve a significant commitment of resources, and sometimes specialised/technical resources. * whether OpenSSL can ensure it is used only for the purpose for which it was released and that it will not be disclosed to other parties unless previously agreed to or provided for by law.

Where OpenSSL may be required to release information based on legislative requirements, subpoenas or other legal discovery obligations. OpenSSL will comply with any requests in accordance with all its legal obligations and the principles of information release.