OpenSSL source is maintained by a team of committers. The overall project is run by the OpenSSL Management Committee. Technical decisions are made by the OpenSSL Technical Committee. We operate under a set of project bylaws and ask everyone to follow our code of conduct.
Here are some of the ways you can join the community and contribute; see the links on the right-hand side. The "getting started" page has some ideas. We maintain several mailing lists. Anyone can join, but you must be a member of a list to post to it. We have a public wiki, and anyone can request an account and start adding content. We have a team blog, where members of the development team will occasionally post.
While we only distribute source, some members of the community make binaries available.
Finally we'd also like to thank several groups for help with the project infrastructure over time.
Reporting Security Bugs
If you think you have found a security bug in OpenSSL, please send mail to email@example.com. Encryption is not required, but if you want to encrypt the mail, you can use our team's PGP Key. Or you can send mail to one or more individual OMC Members, encrypted or plaintext. We will work with you to assess and fix the flaw, as discussed in our Security Policy.
Please note that we do not run a Bug Bounty program, although third parties (such as the HackerOne Internet Bug Bounty) may reward correctly reported and confirmed security issues in the OpenSSL codebase.
All fixed security bugs are listed on our vulnerabilities page
To report a bug or make an enhancement request, please open an issue on GitHub, by clicking "new issue" on this page: https://github.com/openssl/openssl/issues. If you also have code, you do not need to open both an issue and a pull request.
For more information about the best way to submit patches, please see the file CONTRIBUTING in the distribution. The short answer is make a pull request.