Hello Community Member,
We’re wrapping up a busy February with a lot of CCC engagements at industry events and various internal revamp processes.
A quick reminder of what we’re about: Confidential Computing Consortium is a community focused on open-source licensed projects securing DATA IN USE and accelerating the adoption of confidential computing through open collaboration. We welcome all members and projects to be involved and engaged. We’re all contributors to shaping the future of Confidential Computing.
Let’s go!
In February’s Issue:
- Executive Director’s Corner
- Outreach Activity – Your Opportunity to Get Involved
- All Things Technical Community
- CCC Community Content
From the Executive Director
The conference season is heating up again, and Confidential Computing is becoming more visible in all kinds of areas. We started February with a whole afternoon track (“devroom”) on Confidential Computing at the developer-led FOSDEM in Brussels, followed by a talk by Sal Kimmich at State of Open UK in London. I’m at the Rocky Mountain Cyberspace Symposium in Colorado Springs during the week of the 19th of February, and we round off the month with the Privacy-Enhancing Summit in London (see below!).
We’re also having success in having an increasing number of sessions being accepted at major conferences including the Confidential Computing Summit and RSA Conference North America. What we’d love to do is make the most of these opportunities with members of the Consortium, so if you’re attending or exhibiting at any conferences, please let us know: we always look for ways to coordinate and amplify each others’ efforts.
CCC Outreach Activities
Kicking off the year with a bang! February was full of CCC activities at industry events. You’re invited.
Upcoming Events
- PET EU (Feb 27-28): CCC is an Associate Partner for PET series. Use the discount code ‘CCC10‘ and join us in London!
- [Presentation] Confidential Computing and AI: Securing Data and Driving Innovation by Simon Gallagher (Microsoft)
- [Panel] Fortifying Privacy and Security: The Power of Confidential Computing Solutions with Simon Gallagher (Microsoft), Andreas Walbrodt (Enclaive), Bertrand Foing (Secretarium & Klave) moderated by Mike Bursell (CCC)
- [Panel] Building an AI Toolbox: How to Utilise Regulated Data Enterprises with David Pollington (Bloc Ventures), Amir Tabakovic (Mobey Forum) moderated by Sal Kimmich (CCC)
- [Roundtable] Protecting Privacy in AI and Emerging Technologies led by Sal Kimmich
- [Welcome Reception Jeopardy!] Co-hosted with Partisia. Jeopardy led by Sal Kimmich
- OC3 (Mar 13): Sal Kimmich speaking on “The road ahead: How confidential computing will evolve in the 2020s and beyond”
- OSS NA, Seattle (Apr 16-18): Get ready for the CCC Mini-Summit.
- RSA (May 6-9): All members who are exhibiting or planning to attend, LET’S COLLABORATE. CCC will have a booth and we’d like to support our members. Reach out to the Event SIG link below and let us know if you haven’t already!
- CC Summit (Jun 5-6): CFP for CCC breakout sessions will be available soon. Join the Outreach Committee call to discuss more.
For any questions regarding CCC events, email Events SIG.
Got Content?
You can submit your request via the CCC Content Request Form.
Covered content:
- Blog post
- Social post
- Webinar
- Newsletter
- Case study
- Meet up
- Other
CCC Technical Advisory
The year is off to a strong start in the technical community. We are anchoring our contributions on a common view that by working together as a community we can make the world more secure with Confidential Computing than we could as individuals or individual companies. Our work is organized into three streams: Projects, Ecosystem, and Community. By the end of this year, we will be able to say:
Projects: As an open-source organization, we helped our projects grow.
- We coached our projects to adopt security best practices according to OpenSSF guidance (best practices badge).
- We actively mentored our projects on how to gain adoption.
- We facilitated collaboration for CCC projects including with the Linux Kernel
Ecosystem: As security practitioners, we informed security and privacy compliance, standards, and research.
- We identified influential compliance organizations & appropriately recommended CC in public documents.
- We evolved understanding of attestation and aligned on protocols and formats.
- We engaged with academia to encourage and publicize CC research and study.
Community: Our community is growing and healthy.
- We encouraged our projects to take LF Inclusive Open Source training.
- We have sought out and welcomed new contributors
- by representing CCC at conferences
- facilitating project issues and pull requests
- by participating in mentorship programs such LFX Mentorship, Outreachy, and GSoC to ramp new people in our SIGs and committees
It’s a full year of work ahead of us, but with the active contributions of each of us, we’re going to accomplish each of these goals!
Technical Community
Searchable Glossary of Confidential Computing Terms
We’re creating a glossary of the standardized terminology, and communicating with other regulatory bodies like the CSA to use this glossary as the field standard. We welcome contributions to the CCC Glossary Repository for review and discussion now. These terms will be available directly on the CCC website shortly following that process.
Introducing the New Kernel SIG
The CCC is excited to announce the development of a new Special Interest Group (SIG) focused on the Kernel.
This SIG aims to:
Facilitate dialog between Linux kernel and Confidential Computing subject matter experts:
- to facilitate direction for topics that need formal collaboration,
- to have an additional venue to facilitate direction for topics that are stalled on LKML, which would benefit from higher bandwidth communication,
- to have a common place to record decisions and formalize the output for others to reference,
and to introduce new technical topics emerging in either domain, e.g., attestation mechanisms approaching standardization.
Learn more about the Kernel SIG and how you can contribute to its foundational goals.
Engage Your Legal Teams in Our GRC Efforts
We’re calling on members to involve their legal teams in our Governance, Risk Management, and Compliance (GRC) initiatives: you can join the GRC mailing list to learn more. These efforts are focused on developing Patterns for Confidential Computing that align with common regulation standards, and sector-specific regulatory obligations. Your legal team’s input will be invaluable as we strive to ensure that confidential computing technologies meet and exceed regulatory requirements.
Open Source Dashboards
Soon, all Linux Subfoundation Open Source Projects may be featured on the LFX Insights platform, integrated with new insights for projects from the amazing CLOMonitor. This advancement promises to provide CCC members with critical data on project documentation, cybersecurity readiness, and more. Here are just a few of the important metrics that projects will be evaluated by:
Comprehensive Documentation and Licensing Checks: Ensures projects have detailed README files and clear open-source licenses, facilitating easier adoption and compliance.
Security and Dependency Management: Offers vulnerability scanning and dependency analysis, helping projects identify and mitigate potential security risks before they become issues.
Diverse and Active Community Engagement: Measures contributor diversity and issue engagement, highlighting the project’s inclusivity and responsiveness to community feedback.
Code Health Monitoring: Tracks codebase activity, including commit frequency and issue resolution times, to gauge ongoing development and maintainability.
Project Vitality Indicators: Analyzes release frequency and adoption rates, providing insights into the project’s momentum, popularity, and impact within the open-source ecosystem.
More from CCC Community
- How Confidential Computing Meets Modern Customer Needs – Enclaive
- Highlights from the Confidential Computing DevRoom at FOSDEM – Confidential Computing Consortium
- Webinar Replay “Confidential Computing Demystified” – Canonical
- Subscribe to Confidential Data and AI Newsletter – Opaque
