OpenSSL Contributors Statistics

How these statistics are calculated

This site presents contribution statistics for the OpenSSL project based on the public Git history of the OpenSSL repository. The goal is to provide a consistent overview of development activity over time and to highlight how contributions are distributed across individuals and organizations.

Data sources

1. OpenSSL Git repository
   All commits are taken from the official OpenSSL repository. Commit authors, commit timestamps, and commit messages are used to compute activity statistics.
2. OpenSSL Contributor Directory
   Contributor metadata such as display name, company affiliation, GitHub username, and committer membership dates is loaded from the OpenSSL contributor database. This is used to group activity by organization and to determine who is a committer during a given period.

Commit date used for attribution

All statistics are based on the commit authored date, not the date the commit was merged into a branch. This means the activity is attributed to the time the contribution was originally written, even if it was merged later.

What counts as a contribution

For each commit, we extract and aggregate the following signals:

• Commits — number of non-trivial commits authored by a contributor.
• Changes — a lightweight measure of the size of a commit, derived from line additions and deletions, ignoring certain generated files.
• Reviews — count of explicit review acknowledgements in commit messages (based on Reviewed-by: trailers).
• PR approvals — number of distinct pull requests that a person is recorded as reviewing (derived from commits that include a GitHub PR reference and one or more Reviewed-by: lines).

Exclusions and filtering

Not every commit is treated as a meaningful contribution. We exclude or classify separately:

• Trivial contributions, identified by “CLA: trivial” markers.
• Automated or bulk formatting commits, such as reformatting runs.
• Tool-generated and imported history, including legacy imports and migration commits.
• Bot activity, such as Dependabot and OpenSSL automation accounts.
• Commits with no meaningful source changes, where the detected change size is effectively zero.
• Certain generated/non-source files, so that vendor data and generated outputs do not distort change volume.
• Bulk removals of deprecated functions.

These exclusions are applied consistently across all time periods.

Time periods and branch coverage

Statistics are calculated for multiple periods:

• All time
• By year
• By half-year
• By major OpenSSL release series (for example, 3.4, 3.5, 3.6, 4.0)

Branch coverage differs depending on the view:

• For all periods except release series, commits are counted across all branches in the repository. This reflects overall activity, including work that may have happened on feature branches or other long-lived branches.
• For release series pages, commits are counted only from the master branch, and only within the defined release-series date range. This is intended to reflect activity that entered the main development line for that series.

Committers activity

The “Committers Activity” view shows activity for contributors who have (or had) commit access according to the OpenSSL bylaws. Membership dates come from the contributor database.

For each committer we show:

• sum of commits, reviews and PR approvlas in the period
• commits authored in the period
• reviews recorded in the period
• PR approvals recorded in the period
• whether the committer is active under the bylaw threshold
• whether the committer is new (received commit access during the current activity period)

At the start of a new period, all committers are still displayed even if they have not yet participated, with zeros shown for the activity counters.

Company attribution

Each contributor is associated with an organization using the OpenSSL contributor database. In some cases we apply explicit attribution rules based on known corporate domains or curated lists for project participants.

Companies are grouped into broad categories:

• OpenSSL Project — contributors associated with OpenSSL itself
• Other Companies — contributors associated with other organizations
• Individuals — contributors without a company affiliation