Happy Holidays!🎄 Welcome to the 2024 December Newsletter

December’s Issue:

1. Adieu, 2024. Outreach Year In Review Quick Snapshot
2. Executive Director Year In Review
3. TAC Year In Review
4. CCC Mentorships are Open!
5. Community News

Welcome to the December edition of our newsletter – your guide to awesome happenings in our CCC community. We’re excited to continue to connect with you and help drive innovation. Let’s go!

CCC Presence in 2024 & Looking Ahead

The CCC has grown tremendously with lots of activities this year. Thanks to all the CCC community members for their participation and collaboration. We could not do what we do without our members’ involvement. 

The CCC showed up at more than 20 events this year, delivering talks, demos, and networking opportunities. We’ve also published more than 47 blogs, white papers, and tech talk/webinars hosted on our platform. One of the biggest publications was The Case for Confidential Computing white paper. Our social media interaction has increased more than 93%, making an impressive milestone for our community.

Awesome job this year!

In the new year, we have many more activities forming up. Our focus is to double down on impactful engagement with a more targeted approach. Our events will be reduced in quantity but more targeted to industry verticals, driving meaningful engagement. We’re working on engaging with analysts for a white paper to assess the Confidential Computing market, and a refreshed branding and messaging guide will be introduced as we kick off the new year. Our Outreach Meetings are open to all, if you’re curious about our engagement or want to get involved, feel free to join us!

Executive Director Update

November was a busy month for the CCC and we’ve managed a number of important tasks.  The first is approval of a budget for 2025 and the second is the election of new chairs and vice chairs to our various committees.

I’m delighted to welcome:

• Governing Board

• • Chair: Nelly Porter (Google)
  • Vice-chair: Emily Fox (Red Hat)
  • General member representatives: Manu Fontaine (Hushmesh), Samuel Ortiz (Rivos Inc.), Mark Medum Bundgaard (Partisia)

• TAC

• • Chair: Dan Middleton (Intel)
  • Co-Chair: Yash Mankad (Red Hat)

• Outreach

• • Chair: Rachel Wan (IBM)
  • Vice-chair: Mike Ferron-Jones (Intel)

Thank you to everyone who participated in the elections both as candidates and voters.

We also attended, spoken, and exhibited at KubeCon NA.  It was great to see a growing number of sessions involving Confidential Computing at the conference and also to welcome representatives from various members to staff, share resources, and speak at our booth.  The ability to make use of CCC booths at conferences we’re attending is one of the great benefits of membership in the consortium, particularly for smaller companies and we always welcome representation.

Though things are calming down as December proceeds, there are still activities ongoing.  One of note is a Linux Foundation workshop in Brussels around the new European Union Cyber Resilience Act (CRA).  This is likely to have an impact on members, the CCC, and its projects, and I will be attending to find out more and ensure that we have as much information and input as possible.  Having read the (81-page!) report on the day it was released, I’m planning to produce a summary for members that will help provide a shorter and more readable description of the possible actions we and our members should take as this legislation moves into its implementation phase.

TAC Year In Review

We have for the last couple years organized our work around Projects, Ecosystem, and Community.

Community
Yash Mankad gave us an update on our mentorship program. A big shoutout to Sal for their hard work in facilitating these efforts! Yash also mentioned that for 2025, we aim to expand this program to help keep our project repositories up-to-date.

Fritz Alder gave us a rundown of the Tech Talks coordinated in 2024. The pipeline for 2025 is already growing, and Fritz is committed to organizing more talks, with a focus on academic contributions.

Ecosystem
Alec Fernandez provided insights into our ecosystem work. As security practitioners, we’ve been focusing on security and privacy compliance, standards, and research. One notable improvement is the addition of “data in use” to the Cloud Controls Matrix. 

Mark Novak has led the drafting of a collection of compliance guidelines that we plan to get out early in 2025 as one of our first sets of accomplishments.

Projects
Catherine Zhang updated us on the Linux Kernel SIG’s efforts to facilitate upstreaming CC features into the Linux Kernel. 

Mingshen Sun shared valuable lessons learned from the ManaTEE project. These insights will be instrumental in supporting future projects, particularly in areas like mentorship, hardware, and cloud credits.

We’d also like to celebrate significant progress in OpenSSF compliance across our projects, with COCONUT-SVSM achieving an exceptional 107% compliance score and earning the OpenSSF Passing Badge, SPDM-RS advancing to 97% compliance and nearing badge status, and the Certifier Framework reaching 84% compliance. As we look to 2025, our focus is on increasing compliance across all projects to 90% or higher and standardizing OpenSSF compliance into the onboarding process for new projects, ensuring a consistent commitment to security and excellence.

Mentorship Opportunities Now Open!

NEW! Several CCC projects are now accepting mentorship applications. These mentorships provide hands-on experience in key areas of confidential computing, perfect for developers eager to enhance their skills while contributing to meaningful open source projects.

• Islet: Strengthen security through fuzz testing by integrating Cargo Fuzz into the project’s CI pipeline.
• Veraison (CoRIM Support): Enhance Veraison’s ability to securely manage CoRIM manifests and improve signing capabilities.
• Veraison (RATS Harmonization): Align open-source verifiers with RATS architecture by defining evidence formats and proposing policy frameworks.

These mentorships offer an excellent opportunity to develop expertise in confidential computing while contributing to industry-leading projects. We encourage interested participants to apply and join us in shaping the future of confidential computing! Please share these opportunities with your network!

Community News

• Building Trust Among the Untrusting: How Super Protocol Redefines AI Collaboration 

·        Podcast: TEEs and Confidential Computing: Paving the Way for Onchain AI

·        ACSAC 2024 Cybersecurity Artifact Award: “Rapid Deployment of Confidential Cloud Applications with Gramine”

• Confidential AI Whitepaper by Edgeless Systems

·        Using trusted execution environments for advertising use cases

Subscribe to our newsletter