The Linux Foundation Projects
Skip to main content
All Posts By

jshelby

March 2024 Newsletter

By Newsletter No Comments

In Today’s Issue:

 

    1. Executive Director’s Corner
    2. TAC Community
    3. Outreach Engagement
    4. Join us at RSA

Spring greetings! March is the start of a lovely season. We’re continuing our momentum and bringing you the latest and greatest here at CCC. Let’s dive in.

Executive Director’s Note

February was a busy month for the CCC, with appearances or attendance at FOSDEM, State of Open, Rocky Mountain Cyberspace Summit, and PET Summit Europe in London. The breadth of engagement – ranging from technical, open source, US government/federal/defense and European banking/compliance and beyond – shows how use cases for Confidential Computing are becoming increasingly relevant across multiple sectors and contexts. With new membership from Fujitsu and Tiktok moving to participate as a Premier Member, we are also seeing a broader global engagement, which we are keen to address with meetings at times that are appropriate for more members, so if you’re interested in attending any of our committees or SIGs, please get in touch and we can hopefully find a time that works for you.

From the TAC
In response to requests from the Cloud Security Alliance and others, the TAC is looking at defining additional terminology. Currently terms fundamental to Confidential Computing… like “Confidential Computing” 🙂 are defined in the A Technical Analysis of Confidential Computing. Confidential Computing artifacts like “Confidential Container” and “Confidential VM” are defined in “Common Terminology for Confidential Computing”. We received requests for clarification about what we might call operational terminology – concepts like “Trust Anchor”.

The TAC anticipates formalizing these definitions in a CCC-governed paper and then perhaps promoting them in other places like Wikipedia. If you would like to contribute, as always “All are Welcome” to contribute to our TAC meetings. Last month we announced the TAC goals defined across Projects, Ecosystem, and Community. TAC representatives from each of the premiere members are taking responsibility to lead one of these areas. Lily and Yash from Red Hat have gotten us off to a great start with their work in the Community objectives. Partnering with Riaan and Sal from our staff, they are well underway to make the internship and mentoring process an enriching experience for the CCC and for our new contributors. If you would like to hear more about the other objectives feel free to reach out to any of our TAC members in slack or on the mail list.

They will be excited to tell you what they are planning.Last but not least, we also announced our newest Special Interest Group last month. SIGs are sub-communities with a common topical interest. The Linux Kernel SIG is now underway working to develop common infrastructure and approaches to increase cross architecture reuse and reduce upstream Linux Kernel maintenance burden. Logistical information is making its way onto the CCC committees page.

Technical Community

March has seen significant developments in Confidential Computing, with a major focus on KubeCon. This event brought to light the advancements in container security and the integration of Kubernetes with confidential computing, setting new standards for cloud-native application security.

KubeCon Technical Highlights:
– Enhanced security features in container runtimes, notably with CRI-O’s next iteration.
– Greater Integration of TEEs with Kubernetes, marking a significant step in securing cloud-native ecosystems.
– The introduction of WebAssembly (WASM) for secure microservices, pushing the envelope for container runtime security.

For a full review of the technologies discussed at KubeCon, see our upcoming blog post on the topic.

March underscored the importance of Confidential Computing with key takeaways from KubeCon, focusing on security enhancements in container runtimes, Kubernetes’ integration with TEEs, and the role of WebAssembly in secure microservices. As we head into April, the CCC is gearing up for the IAPP Global Privacy Summit next week, aiming to share key updates on regulation around privacy and technology with our community.

A reminder for project maintainers: prioritize improving your OpenSSF Scorecard scores, we are currently on track to have all projects at a high or perfect security posture score by the end of Q2, great work everyone!

Outreach Engagement
 ———————–
Monthly Analytics
Recently, we’ve covered our monthly analytics report of the website, newsletter, and social in our Outreach Meeting. We’re seeing some positive growth and we’ll keep tracking monthly to improve the health of our activities.

Upcoming Events
RSA (May 6-9): All members exhibiting or planning to attend, 📣LET’S COLLABORATE. CCC will have a booth and we’d like to work with you. Here’s what you can do:
Submit Your Video Content: We’d love to display member content on our booth screen.
Provide Booth No.: Let’s cross-promote. We’ll promote your booth number on our passport card.
Showcase Demo: If you have something to show on the show floor, you can use the CCC booth to showcase your demo.
Identiverse (May 28-31): CCC is hosting a panel session “Confidential Computing: The Internet’s Missing Cryptography Engine
CC Summit (Jun 5-6): CFP for CCC breakout sessions will be available soon. Join the Outreach Committee call to discuss more.
PET APAC (July 16): Calling all our Confidential Computing Enthusiasts in APAC! Open opportunity to be announced soon.
For any questions regarding CCC events, email Events SIG.

CHART YOUR COURSE TO CYBERSECURITY BRILLIANCE AT RSAC 2024
Join us for an unforgettable experience at RSAC 2024—the premier destination for cybersecurity professionals to come together for four days of learning, networking, and advancement! We’ve compiled the top agenda highlights that await you, from captivating Keynotes to cutting-edge innovation.

Register by April 5 to take advantage of our Discount Period pricing and use code 14UCCCFDto save $750* on your Full Conference Pass.

You can also use our FREE Expo Pass Code: 52ECONCOMPXO
VIEW FULL AGENDA

TikTok Becomes Premier Member of Confidential Computing Consortium

By Announcement, Blog No Comments

In an era dominated by rapid technological advancements, the need for robust data security measures has become more critical than ever. Recognizing this imperative, TikTok has joined the Confidential Computing Consortium (CCC) as a Premier member, a collaborative effort dedicated to advancing the adoption of confidential computing technology.

The Confidential Computing Consortium is a community-driven initiative comprising industry leaders and organizations united in their mission to redefine data security standards. Our mission centers on promoting the widespread adoption of confidential computing, focusing on safeguarding sensitive information and cultivating a more robust computing landscape. Utilizing advanced computational techniques, such as hardware-based Trusted Execution Environments, confidential computing enhances security and privacy by protecting data in use. This approach complements existing encryption methods for data at rest and in transit, fostering comprehensive data protection measures.

As a platform, TikTok is used by billions of users worldwide on a global scale. When building products and features, securing the privacy of users is at the forefront of TikTok’s engineering strategy. TikTok’s Privacy Innovation is an open-source initiative dedicated to advancing data privacy through cutting-edge technological advancements and fostering collaboration and transparency. Their open-source initiatives aim to make technology readily available to researchers and practitioners, aligning with a shared vision to shape a safer, more privacy-centric future. By joining this global consortium, TikTok aligns with a community of like-minded entities dedicated to advancing secure computing solutions.

As technology evolves, robust data protection measures become increasingly paramount. Through initiatives like confidential computing, companies like TikTok are safeguarding their users’ information and contributing to the broader effort of establishing a more secure and trustworthy digital ecosystem. TikTok’s membership not only holds significance for the company itself but also serves as an inspiration for other technology companies to prioritize data security in an era where digital trust is of utmost importance.

Join us in welcoming TikTok to the Confidential Computing Consortium.

Read about other organizations who recently joined CCC:

Fujitsu

NVIDIA

CCC Newsletter- February

By Newsletter No Comments

Hello Community Member,

We’re wrapping up a busy February with a lot of CCC engagements at industry events and various internal revamp processes.

A quick reminder of what we’re about: Confidential Computing Consortium is a community focused on open-source licensed projects securing DATA IN USE and accelerating the adoption of confidential computing through open collaboration. We welcome all members and projects to be involved and engaged. We’re all contributors to shaping the future of Confidential Computing.

Let’s go!

In February’s Issue:

  1. Executive Director’s Corner 
  2.  Outreach Activity – Your Opportunity to Get Involved
  3.  All Things Technical Community
  4. CCC Community Content

From the Executive Director

The conference season is heating up again, and Confidential Computing is becoming more visible in all kinds of areas. We started February with a whole afternoon track (“devroom”) on Confidential Computing at the developer-led FOSDEM in Brussels, followed by a talk by Sal Kimmich at State of Open UK in London. I’m at the Rocky Mountain Cyberspace Symposium in Colorado Springs during the week of the 19th of February, and we round off the month with the Privacy-Enhancing Summit in London (see below!).

We’re also having success in having an increasing number of sessions being accepted at major conferences including the Confidential Computing Summit and RSA Conference North America. What we’d love to do is make the most of these opportunities with members of the Consortium, so if you’re attending or exhibiting at any conferences, please let us know: we always look for ways to coordinate and amplify each others’ efforts.

CCC Outreach Activities

Kicking off the year with a bang! February was full of CCC activities at industry events. You’re invited.

Upcoming Events

  • PET EU (Feb 27-28): CCC is an Associate Partner for PET series. Use the discount code ‘CCC10‘ and join us in London!
    • [Presentation] Confidential Computing and AI: Securing Data and Driving Innovation by Simon Gallagher (Microsoft)
    • [Panel] Fortifying Privacy and Security: The Power of Confidential Computing Solutions with Simon Gallagher (Microsoft), Andreas Walbrodt (Enclaive), Bertrand Foing (Secretarium & Klave) moderated by Mike Bursell (CCC)
    • [Panel] Building an AI Toolbox: How to Utilise Regulated Data Enterprises with David Pollington (Bloc Ventures), Amir Tabakovic (Mobey Forum) moderated by Sal Kimmich (CCC)
    • [Roundtable] Protecting Privacy in AI and Emerging Technologies led by Sal Kimmich
    • [Welcome Reception Jeopardy!] Co-hosted with Partisia. Jeopardy led by Sal Kimmich
  • OC3 (Mar 13): Sal Kimmich speaking on “The road ahead: How confidential computing will evolve in the 2020s and beyond”
  • OSS NA, Seattle (Apr 16-18): Get ready for the CCC Mini-Summit.
  • RSA (May 6-9): All members who are exhibiting or planning to attend, LET’S COLLABORATE. CCC will have a booth and we’d like to support our members. Reach out to the Event SIG link below and let us know if you haven’t already! 
  • CC Summit (Jun 5-6): CFP for CCC breakout sessions will be available soon. Join the Outreach Committee call to discuss more.

For any questions regarding CCC events, email Events SIG.

Got Content?

You can submit your request via the CCC Content Request Form.

Covered content:

  • Blog post
  • Social post
  • Webinar
  • Newsletter
  • Case study
  • Meet up
  • Other

Submit content request

CCC Technical Advisory

The year is off to a strong start in the technical community. We are anchoring our contributions on a common view that by working together as a community we can make the world more secure with Confidential Computing than we could as individuals or individual companies. Our work is organized into three streams: Projects, Ecosystem, and Community. By the end of this year, we will be able to say: 

Projects: As an open-source organization, we helped our projects grow.

  • We coached our projects to adopt security best practices according to OpenSSF guidance (best practices badge).
  • We actively mentored our projects on how to gain adoption.
  • We facilitated collaboration for CCC projects including with the Linux Kernel 

Ecosystem: As security practitioners, we informed security and privacy compliance, standards, and research.

  • We identified influential compliance organizations & appropriately recommended CC in public documents.
  • We evolved understanding of attestation and aligned on protocols and formats.
  • We engaged with academia to encourage and publicize CC research and study.

Community: Our community is growing and healthy.

  • We encouraged our projects to take LF Inclusive Open Source training.
  • We have sought out and welcomed new contributors
    • by representing CCC at conferences
    • facilitating project issues and pull requests
    • by participating in mentorship programs such LFX Mentorship, Outreachy, and GSoC to ramp new people in our SIGs and committees

It’s a full year of work ahead of us, but with the active contributions of each of us, we’re going to accomplish each of these goals! 

Take LF Exclusive Training

Technical Community

Searchable Glossary of Confidential Computing Terms
We’re creating a glossary of the standardized terminology, and communicating with other regulatory bodies like the CSA to use this glossary as the field standard. We welcome contributions to the CCC Glossary Repository for review and discussion now. These terms will be available directly on the CCC website shortly following that process. 

Introducing the New Kernel SIG

The CCC is excited to announce the development of a new Special Interest Group (SIG) focused on the Kernel. 

This SIG aims to:

Facilitate dialog between Linux kernel and Confidential Computing subject matter experts:

  • to facilitate direction for topics that need formal collaboration,
  • to have an additional venue to facilitate direction for topics that are stalled on LKML, which would benefit from higher bandwidth communication,
  • to have a common place to record decisions and formalize the output for others to reference,

and to introduce new technical topics emerging in either domain, e.g., attestation mechanisms approaching standardization.

Learn more about the Kernel SIG and how you can contribute to its foundational goals. 

Kernel SIG Proposal

Engage Your Legal Teams in Our GRC Efforts

We’re calling on members to involve their legal teams in our Governance, Risk Management, and Compliance (GRC) initiatives: you can join the GRC mailing list to learn more. These efforts are focused on developing Patterns for Confidential Computing that align with common regulation standards, and sector-specific regulatory obligations. Your legal team’s input will be invaluable as we strive to ensure that confidential computing technologies meet and exceed regulatory requirements.

Join GRC mailing list.

Open Source Dashboards

Soon, all Linux Subfoundation Open Source Projects may be featured on the LFX Insights platform, integrated with new insights for projects from the amazing CLOMonitor. This advancement promises to provide CCC members with critical data on project documentation, cybersecurity readiness, and more. Here are just a few of the important metrics that projects will be evaluated by:


Comprehensive Documentation and Licensing Checks: Ensures projects have detailed README files and clear open-source licenses, facilitating easier adoption and compliance.

Security and Dependency Management: Offers vulnerability scanning and dependency analysis, helping projects identify and mitigate potential security risks before they become issues.

Diverse and Active Community Engagement: Measures contributor diversity and issue engagement, highlighting the project’s inclusivity and responsiveness to community feedback.

Code Health Monitoring: Tracks codebase activity, including commit frequency and issue resolution times, to gauge ongoing development and maintainability.

Project Vitality Indicators: Analyzes release frequency and adoption rates, providing insights into the project’s momentum, popularity, and impact within the open-source ecosystem.

More from CCC Community

CCC Newsletter- January 2024

By Newsletter No Comments

Hello Community Member,

Welcome to the New Year. We’re excited to continue to connect with you and help drive innovation. You’ll hear from us on a monthly basis (at least) for any news and insightful information.

A quick reminder of what we’re about: Confidential Computing Consortium is a community focused on open-source licensed projects securing DATA IN USE and accelerating the adoption of confidential computing through open collaboration. We welcome all members and projects to be involved and engaged. We’re all contributors to shaping the future of Confidential Computing.

Without further ado, let’s get into the content.

CCC Presence in 2023

We wrapped up a busy year of growth and lots of activities. By bringing in the new Executive Director, Mike Bursell, along with our community members’ participation, we’ve increased our presence at industry conferences significantly.

You can hear from Mike on how his first year at CCC as the ED has been and where he is looking to take on in 2024 in his blog.

Technical Community

In 2023 we focused on growing three things: our projects, ecosystem recognition, and our community. Our technical community made great strides on each of these. Our open-source project portfolio is wider and more mature. Outside of the CCC, we contributed security expertise to public documents and standards organizations. As we grew to deliver these projects and papers, we maintained our emphasis on growing a positive community where everyone is welcome, and anyone can learn and contribute.

Read Open Source Highlights

Welcome, Sal Kimmich

We’ve started the year off strongly with the addition of Sal Kimmich to the CCC staff team as Technical Community Advisor. Sal has lots of experience in open source communities and security, and is already shaking up what we’re doing (in a number of excellent ways). Expect to hear lots more from Sal. Read more on Sal.

What’s New…

  1. Newsletter: We’ll be bringing you more insightful news from all across the CCC horizon. We’re going to have a regular segment update covering TAC news, Outreach news, Member/ED news, and Project/TCA news.
  2. Outreach SIG: Outreach has new SIGs! In 2024, we’ll be upleveling the outreach efforts across these 4 main focus areas:Events, Web Presence, Technical Documents, and Demos. Each SIG has a lead and participating members to streamline the process. Join us in our bi-weekly Outreach Meeting to participate.
  3. New Look, New Presence: CCC Outreach brought in Linux Foundation’s Sr. Marketing PM, Jen Shelby, to make CCC’s external presence to be cohesive and organized. She’ll be working closely with our Web Presence SIG to improve our website, external publication, social, graphic design, and so much more. 

Member Benefits: If you’re unclear about what you can get from participating in the CCC, check out the new benefits page on the website. We also want to encourage ecosystem growth, particularly around start-up participation. For any members, prospective members, or anyone with use cases for or interest in Confidential Computing who wants to get in touch, email Mike Bursell (ED) to see how we can help.

Upcoming Events

Take a look at our upcoming industry engagement and see where you and your team can participate.

  1. FOSDEM (Feb 3-4): CCC is hosting a social hour to support the Confidential Computing Devroom. Email Event SIG if you want to RSVP.
  2. State of Open Con (Feb 6-7): TCA Sal Kimmich is giving a talk.
  3. Rocky Mountain Cyberspace Summit (Feb 19): ED Mike Bursell is attending.
  4. PET EU (Feb 27-28): CCC is an Associate Partner and will host multiple sessions. 
  5. OC3 (Mar 13): CCC is hosting 15-min session.
  6. OSS NA (Apr 16-18): CCC is hosting a Mini-Summit.
  7. RSA (May 6-9): Come see us at the CCC booth. All member companies are welcome to collaborate with us. 
  8. CC Summit (Jun 5-6): CCC is co-hosting the conference.

**For your inquiry, please email Events SIG.

Member Content

Enclaive.io Enclaive.io cordially invites you to the public preview of the virtual Hardware Security Module (vHSM) – a breakthrough in key management for cloud environments. Leveraging advanced confidential compute and virtualization, Enclaive’s vHSMs offer unmatched scalability and flexibility, easily adapting to dynamic requirements in modern data centers. To sign up for the public preview, please contact Enclaive team

Industry Scoop

Fujitsu Strengthens Commitment to Secure Computing: Joins Confidential Computing Consortium as General Member

By Announcement No Comments

Fujitsu has strengthened its commitment to secure computing by joining the Confidential Computing Consortium as a General Member. It reflects its dedication to leading-edge technology and recognizes security’s paramount importance as a global information and communication technology (ICT) leader in the digital age.

Through active participation in the consortium, Fujitsu becomes a key player in shaping the future of secure computing, collaborating with industry leaders to contribute expertise and resources to develop open-source technologies enhancing data security and privacy.

This membership marks a crucial step in Fujitsu’s journey to fortify data security, establishing itself as a secure and confidential computing leader alongside other industry leaders. As the consortium drives innovation, we anticipate transformative advancements, leading to a redefined data security landscape.

Confidential Computing Consortium unites industry leaders to advance confidential computing, focusing on secure data-in-use and safeguarding sensitive information during processing. Fujitsu’s alignment with like-minded organizations underscores its commitment to data security through open-source technologies.

Confidential computing introduces a paradigm shift in securing sensitive data, addressing the need to protect data during processing, in addition to traditional measures for data at rest and in transit. This approach ensures encryption and protection of sensitive information during active use.

The consortium provides a collaborative platform for members to share insights, expertise, and resources. Fujitsu’s involvement signifies a shared commitment to fostering innovation and driving advancements in confidential computing. As technology evolves, collaboration becomes crucial in addressing complex challenges and overcoming emerging threats.

Learn more about the Confidential Computer Consortium and how to get involved.

Read about other organizations who recently joined CCC.

NVIDIA

TikTok