Hello Community!

Welcome to the 2024 September Newsletter

In Today’s Issue:

1. Executive Director September Recap
2. Recordings from the CC Mini Summit @ OSSEU
3. TAC Tech Talks & Upcoming Discussions
4. Community Blog Highlights

Welcome to the September edition of our newsletter – your guide to awesome happenings in our CCC community. Let’s go!

Executive Director Update

September saw us holding a Confidential Computing Mini-Summit, co-located with Open Source Summit Europe in Vienna.  Despite torrential rain and major flooding in the preceding days, all of the speakers and panel members made it and we had an interesting – and sometimes spirited! – set of discussions.  I particularly enjoyed moderating a panel on attestation – see below for more on that topic.  The slide decks from the speakers as well as the video recordings at the Mini-Summit will be available for you to watch.

I also popped over to Dublin for the Eyes Off Data Summit, where I appeared as a panel member in a session about the opportunities and challenges of Confidential Computing.

The main thing that I’m seeing at the moment in the community is a realization that while there’s still a lot of work to be done educating the wider world on the basics of Confidential Computing and TEEs, the really interesting work and the really exciting business opportunities are likely to revolve around attestation.  This is reflected in the conversations we’re having at conferences and the work that we’re doing in the CCC.  There are two main streams of work: the technical, where we’re looking at definitions, protocols and related areas; and business questions such as “who should run an attestation verification service?” and “what sorts of policies should we expect an attestation verification service to enforce?”.  Spanning these streams is the work by the Governance, Risk and Compliance (GRC) SIG, which also considers issues around regulation.

If any of this sounds interesting to you, or you’d like to be involved in any way in the work of the CCC, we’d love to hear from you.

Get in touch

CC Mini Summit Recordings & Slides

On Demand Content is Available NOW!

Enjoy the recordings from the Confidential Computing Mini Summit at OSS EU.

Watch the Recording

TAC Update

This month we had three really deep tech talks. A couple are more on the advanced end of the spectrum but don’t let that scare you away from checking them out. They were all presented in really accessible formats. You’ll see the TAC Tech Talks playlist alongside our other playlists on the CCC YouTube channel:

TAC Tech Talk playlist 

Heading into October we’re in our final quarter to complete the goals we set for ourselves for the year. One of the big topics is getting Confidential Computing Features upstreamed into the Linux Kernel. The primary maintainers conference (The Linux Plumbers Conference) just concluded in late September so we’ll be getting some feedback from that in the TAC in October.

We’re also looking at starting some new work related to attestation verification. Feedback from another exercise showed us that there’s still areas that need a common definition. Among them, being able to identify entities that are in and out of the Trusted Computing Base (TCB), also informally called the trust boundary. Entities like CSPs are pretty big and we want to be more granular to more accurately reflect who is and isn’t trusted for a given deployment – or at least what sort of questions an adopter should think through.

Community Blog Highlights

• • Confidential Computing for Secure AI Pipelines: Protecting the Full Model Lifecycle
  • Strengthening Multi-Cloud Security: The Role of COCONUT-SVSM in Confidential Virtual Machines
  • Exploring Enclave SDKs: Enhancing Confidential Computing
  • Library OS for Confidential Computing: Enhancing Data Security with Cutting-Edge Projects
  • Enabling Verifiable, User-Owned and Tradable AI Agents in Games – with Veriplay, Polygon, Immutable and Super Protocol

In Today’s Issue:

1. Executive Director August Recap
2. Agenda Released! CC Mini Summit @ OSSEU
3. Post-Quantum Cryptography
4. Web3 Use Case
5. Community Blog Highlights

Welcome to the August edition of our newsletter – your guide to awesome happenings in our CCC community. Let’s go!

Executive Director August recap

While it’s holiday season in much of the Northern Hemisphere, the CCC’s work continues (uninterrupted even by the Olympics and Paralympics!), and as we’ve grown over the past few years, we’ve made the decision to continue Governing Board meetings throughout the year, instead of breaking for the (Northern) summer period.  The Governing Board manages the strategic and policy directions of the CCC, including budgetary decisions and the acceptance of new open-source projects into the Consortium.  Attendance is open to officers of the Consortium, Premier Member representatives, and the elected Governing Board representatives of the General Members.  Representatives from other committees typically attend and present the status of work in their respective areas and sometimes the Governing Board requests reports from other groups.

While keeping within the governance structure of the Consortium, we try to maintain a “minimal viable governance” approach.  Post-Covid (and changing travel budget constraints for many organizations), opportunities to meet in person have been reduced, so we are considering a face-to-face meeting (supplemented by video conferencing) at the Linux Foundation Member Summit in November: please let us know if you’re going to be there (even if you’re not a Premier member!).

One of the areas that the Governing Board has been keen to promote work on this year has been lowering barriers to the adoption of Confidential Computing.  One of these is the availability of Attestation Verification Services, which allow consumers of Confidential Computing services to gain the cryptographic assurances about the workloads they need.  Attestation is a core part of Confidential Computing, and the word “attested” was deliberately added to the CCC’s definition of Confidential Computing to reflect that:
“Confidential Computing is the protection of data in use by performing computation in a hardware-based, attested Trusted Execution Environment.”

The CCC has recently kicked off a piece of work to encourage discussion of business models around Attestation Verification Services and to help those considering providing or consuming them.  An initial discussion document has generated a great deal of input and the plan is to start a working group with online meetings later in August.  If you are interested in participating, please get in touch.

CC Mini Summit Agenda Announced!

Bringing EU Community Together

CCC is hosting the “Confidential Computing Mini Summit” at the Open Source Summit EU, Vienna Austria

• 📢 Mini Summit Agenda
• ⏰ Time: 13:30 – 17:00
• 📍 Room 0.14 (level 0) – see floor plan here
• 🎫 Mini Summit Registration Fee: $10
• 💰 20% Discount Code for Main Summit: OSSEUCOLOSPK20
  (*Note: Registration for the main conference is required to attend the Mini Summit.)
• Register Here

Post-Quantum Cryptography

Over the last few weeks at TAC meetings, we’ve been discussing the new evolution of cryptography called Post-Quantum Cryptography or PQC. As full-scale quantum computers become more and more likely, cryptographers have had to invent new algorithms that will remain secure against adversaries with new capabilities. In Confidential Computing, we rely on cryptography in a number of ways to protect workloads in use. As a trusted execution environment (TEE) starts we use cryptographic hash algorithms to fingerprint each component.

Later we use cryptographic signatures when the hardware attests to those measurements. While the workload is running the memory is protected with encryption and in some cases integrity provisions. Some of these algorithms are more impacted by quantum computing than others. Hardware vendors will need to update their algorithms. Software vendors may want to shield downstream adopters by carefully designing their APIs. If you are interested to learn more keep your eyes open for an upcoming blog on our Post Quantum Cryptography discussions or watch our Tech Talk.

TAC Tech Talk playlist 

Bringing EU Community Together

CCC is hosting the “Confidential Computing Mini Summit” at the Open Source Summit EU, Vienna Austria

• 📢 Mini Summit Agenda
• ⏰ Time: 13:30 – 17:00
• 📍 Room 0.14 (level 0) – see floor plan here
• 🎫 Mini Summit Registration Fee: $10
• 💰 20% Discount Code for Main Summit: OSSEUCOLOSPK20
  (*Note: Registration for the main conference is required to attend the Mini Summit.)
• Register Here

Web3 Use Case

Enabling Verifiable, User-Owned and Tradable AI Agents in Games – with Veriplay, Polygon, Immutable and Super Protocol

True Web3 Games, with their potential for rich gaming experiences, advanced AI agents, and genuine digital asset ownership, can only reach their full potential through the implementation of Confidential Computing in a truly decentralized manner. The Confidential Computing Consortium, alongside its member Super Protocol, is at the forefront of this revolution, demonstrating how these technologies can unlock new business opportunities.

Read the Full Use Case

Community Blog Highlights

• Attestation Libraries for Confidential Computing: Veraison and SPDM Tools
• End-User Devices for Confidential Computing: Exploring Islet
• Understanding Trusted Firmware in Confidential Computing: Coconut SVSM and VirTEE
• Catch the Exclusive Interview with Mike Bursell at the Confidential Computing Summit 2024

In Today’s Issue:

1. Executive Director July Recap
2. The Case for Confidential Computing
3. Community News
4. OSS EU 2024, Confidential Computing Mini Summit

Welcome to the July edition of our newsletter – your guide to awesome happenings in our CCC community. Let’s go!

Executive Director July recap

Following the announcement of a 12-month free subscription to the CCC for new members of under 100 employees, we’ve had a steady stream of new members and it’s continuously growing! If you are a start-up and would like to get involved in the CCC’s work (or you know another organization that might be interested), please get in touch. You can find information about many of the benefits on our website.

This month, I went back in Asia, meeting members (and potential members) in South Korea and Singapore. The CCC sponsored the Privacy-Enhancing Technology Summit Asia-Pacific again this year and we had a fantastic turnout. Read the full recap blog here.

Having had the CC Summit in North America and the PET Summit in Singapore, we’re not about to leave out Europe, where we’re seeing increasing interest and traction for Confidential Computing. I led a panel discussion on CC for the European Central Bank with Parviz Peiravi from Intel and Felix Schuster from Edgeless Systems recently. And we’re also running a CC Mini-Summit at Open Source Summit in Vienna on the 19th September. No waltzes are promised, but there are opportunities to speak: still few more days to submit your talk! Mini Summit CFP

CCC’s Use Case Report is LIVE

As the collection, storage, and analysis of data become increasingly important across industries, businesses are looking for solutions that keep data secure and processes compliant with regulations. Confidential computing is one of these solutions, involving the use of a trusted execution environment that runs on shared infrastructure but processes data away from unauthorized users.

This use case report interviewed members of the confidential computing community on the ways they have implemented the technology and what they believe its future holds.

Read the Full Report

Community News

• Homeland Security Awards Contracts to Hushmesh to Identify, Develop, and Implement Privacy-Enhancing Digital Wallets Technologies
• Highlights from Confidential Computing Summit 2024
• Intel + Opaque + ONCD on AI Implications f
  or Enterprise
• Intel Security Community blog on CCC’s Use Case

Meet us at Open Source Summit

Bringing EU Community Together

CCC is hosting the “Confidential Computing Mini Summit” at the Open Source Summit EU, Vienna Austria

• ⏰ Time: 13:30 – 17:00
• 🎫 Mini Summit Registration Fee: $10
• 💰 20% Discount Code for Main Summit: OSSEUCOLOSPK20
  (*Note: Registration for the main conference is required to attend the Mini Summit.)
• Register Here

In Today’s Issue:

1. Executive Director June Recap
2. NEW ANNOUNCEMENT!
3. Securing the Software Supply Chain
4. Community News
5. OSS EU 2024, Confidential Computing Mini Summit

Executive Director June recap

It was great to meet so many of you at the Confidential Computing Summit in San Francisco – both at the CCC sponsored meet-up at a local speakeasy and at the conference itself. I would like in particular like to thank everyone who engaged with and supported the work we’re doing at the CCC – by coming to the booth, talking to us in person and, of course, attending and speaking sessions. As well as a great deal of discussion around use cases (with a particular focus on AI), many people were interested in getting involved in discussions around business models for remote attestation, one of several topics I brought up in my keynote session (regulator and standards engagement was another popular one).  If you’re interested in getting involved, please let me know!

Combined with a number of podcasts, webinars and panel discussions at various conferences, interest in and visibility of Confidential Computing really seems to be picking up. We’ve got a working group on repositioning the CCC’s messaging to ensure that we’re able to respond to industry and ecosystem interest: we’d love more involvement in this as well.

Exciting News for Start-ups!

The Confidential Computing Consortium (CCC) has launched a new membership tier tailored for start-ups, offering a complimentary first-year membership. This initiative aims to empower emerging companies by providing access to vital resources, collaborative opportunities, and industry insights. Eligible start-ups can connect with leaders, gain educational materials, and influence industry standards. This is a fantastic chance to be part of the future of secure computing. 

 To learn more and apply, visit the Confidential Computing Consortium blog.

Securing the Software Supply Chain

In the wake of SolarWinds and other high-profile supply chain attacks, Confidential Computing offers new ways to protect the integrity of the software we all rely on. 
Recently we heard from Chad Kimes of Github and Marcela Melara from Intel on securing the software supply chain. They shared their work on SLSA, in-toto, & CI/CD for secure, attestable builds. You can watch their tech talk here.

Community News

• IBM Cloud Expands Confidential Computing Adoption with Intel SGX
• How Confidential Accelerators can boost AI workload security
• Confidential Computing at Identiverse: The Internet’s missing cryptography engine
• Intel Principal Engineer and CCC Advisory Chair Discuss Enhancing the Confidential Computing Ecosystem’s Value and Impact

Meet us at Open Source Summit

Bringing EU Community Together

CCC is hosting the “Confidential Computing Mini Summit” at the Open Source Summit EU, Vienna Austria.

• ⏰ Time: 13:30 – 17:00
• 🎫 Mini Summit Registration Fee: $10
• 💰 20% Discount Code for Main Summit: OSSEUCOLOSPK20
  (*Note: Registration for the main conference is required to attend the Mini Summit.)
• Register Here

Have a topic you want to present at the Mini Summit? Submit CFP Here

Welcome to the 2024 CCC Newsletter- your guide to awesome happenings in our CCC community.

In Today’s Issue:

1. Welcome New Members from the Confidential Computing Consortium
2. New SIG to Bridging the Gap Between Linux Kernel and Confidential Computing Developers
3. Meet us at RSAC
4. Outreach Engagement

From the Executive Director

The conference season is well and truly upon us and I’m pleased to be speaking at a number of them during the next few months.  It’s also great to see more sessions on Confidential Computing being accepted by program committees: if you or a colleague is presenting at a conference session, please let the Outreach committee know so that we can spread the word via the newsletter, social media and beyond.

NVIDIA Premier Membership

I’m also very glad to be able to welcome NVIDIA as a Premier Member.  They have been with the CCC for a while, but have recently moved up to Premier, with Michael O’Connor serving as their GB representative.  In fact, we’re beginning to see an uptick in engagement by members across the committees, SIGs and beyond: this can only help the goals of the CCC as we make the most of the opportunities that are arising as the ecosystem realizes the benefits that Confidential Computing can bring.

I hope to see you at one of the conferences we’re attending: please let us know if you’re going to be at any of them – details available on the website under Events.

Read about NVIDIA and our upcoming Events.

I

FROM The TAC

Announcing Our New SIG: Bridging the Gap Between Linux Kernel and Confidential Computing Developers

We’re thrilled to unite two groups within the same company who haven’t always been in communication: Linux Kernel developers and Confidential Computing developers. While some individuals may straddle both roles, often they represent distinct disciplines.

Read about the SIG and upcoming meetings.

Bringing Confidential Computing to RSAC 2024

Membership Has Its Benefits. Get an Extra $150 off RSAC 2024.

Join us May 6 – 9 at RSAC 2024, the ultimate cybersecurity destination. Immerse yourself in expert-led sessions, connect with industry leaders, and discover the latest trends and best practices. Elevate your cybersecurity game and be a part of shaping the industry’s future. Don’t miss this opportunity to advance your skills and network with the best in the field. 

CCC members save an additional $150 when registering with code 14UCCCFD. Register now. 

Visit us at Booth #2161 (South Expo)

CCC $150 Discount Code: 14UCCCFD

CCC FREE Expo Pass Code: 52ECONCOMPXO 

VIEW FULL AGENDA

Outreach Engagement

CCC at Industry Conferences

• RSAC (May 6 – 9)
  • Come visit us at our Booth #2161
  • Speaking:
    • So You Want to Open Source Your Project?  Hold Your Horses
    • Data-in-Use Protection: Privacy-Enhancing Technologies (PETs) for Business
    • The Mesh is the new Web.  Time to move beyond 35-year-old vintage Web tech.
• Identiverse (May 28 – 31)
  • Panel: Confidential Computing: The Internet’s missing cryptography engine
• Hardwear io (May 28 – Jun 1)
  • Panel: A new root of trust: changing computing with Trusted Execution Environments
• Confidential Computing Summit (Jun 5 – 6)
  • Keynote & Breakout sessions

New Blog Series to Add to Your Favorite

• The CIA Triad for Confidential Computing
• Collaborative Security: The Role of Open Source in Confidential Computing
• Basics of Trusted Execution Environments (TEEs): The Heart of Confidential Computing
• The Evolution of Cybersecurity: From Early Threats to Modern Challenges
• Introduction to Confidential Computing: A Year-Long Exploration

Register for CC Summit

Welcome to the 2024 May Newsletter

In Today’s Issue:

1. RSAC Recap
2. New CCC Working Groups
3. Tech Talk on Attestation
4. CCC Blogs + Upcoming Events
5. CC Summit: Conference for Confidential Data & AI

Hello Community Member,

CCC New Working Groups

As you know, industry-leading organizations come together at CCC and are constantly working to develop and collaborate on standards for Confidential Computing.

On this topic, we’re forming a working group to look at repositioning the CCC and how we present ourselves to the outside world (not to mention potential members), including reflecting on the importance of AI, data privacy, and collaborative computation.

Another working group is considering whether the Consortium should offer a certification for companies, products, services, or solutions.  We’re looking for involvement in both of these working groups, so if you have strong views on either, please get in touch.

Tech Talk on Attestation

Attestation lets us evaluate whether we can trust an enclave or a Confidential Virtual Machine (CVM). CVMs have more moving parts to evaluate than enclaves.

This month we had a great Tech Talk from Googler, Dionna Glaze. She explained a lot of the detail required to provide transparency and trust in some of these layers like the virtual firmware (UEFI). 

Watch this talk on YouTube and find the slides in our TAC Governance repository.

New Blogs This Month

• Decoding Trust in Confidential Computing: Foundations and Open Source Perspectives
• Unlocking AI for the Enterprise: Confidential Computing Summit

CCC at Industry Conferences

Coming up next, here are our upcoming event activities.

• Identiverse (May 28 – 31)
  • Panel: Confidential Computing: The Internet’s missing cryptography engine
• Hardwear io (May 28 – Jun 1)
  • Panel: A new root of trust: changing computing with Trusted Execution Environments
• Confidential Computing Summit (Jun 5 – 6)
  • Keynote, 2 breakout sessions, and poster session + CCC booth

BIGGEST Discount Ever Exclusively for CCC Community

We’re pumped to have so many expert speakers coming together for #CCSummit in just a few weeks. Save BIG with the CCC discount code and invite your network to join us.

• Full Conference Agenda
• 50% Discount Code: CCC50
• Register Here

Happy Hour for All (& Aspiring) Members!

Coming to CC Summit? Join us for an evening of an unforgettable speakeasy experience and good conversation. Mark your calendar, RSVP below, and we can’t wait to see you! ⏰ June 4th, Tuesday | 6PM 📍 Bourbon & Branch San Francisco 🎫 RSVP Here

If you find this newsletter helpful, forward this to your network!

Subscribe to CCC Newsletter

Hello Community Member,

We’re wrapping up a busy February with a lot of CCC engagements at industry events and various internal revamp processes.

A quick reminder of what we’re about: Confidential Computing Consortium is a community focused on open-source licensed projects securing DATA IN USE and accelerating the adoption of confidential computing through open collaboration. We welcome all members and projects to be involved and engaged. We’re all contributors to shaping the future of Confidential Computing.

Let’s go!

In February’s Issue:

1. Executive Director’s Corner 
2.  Outreach Activity – Your Opportunity to Get Involved
3.  All Things Technical Community
4. CCC Community Content

From the Executive Director

The conference season is heating up again, and Confidential Computing is becoming more visible in all kinds of areas. We started February with a whole afternoon track (“devroom”) on Confidential Computing at the developer-led FOSDEM in Brussels, followed by a talk by Sal Kimmich at State of Open UK in London. I’m at the Rocky Mountain Cyberspace Symposium in Colorado Springs during the week of the 19th of February, and we round off the month with the Privacy-Enhancing Summit in London (see below!).

We’re also having success in having an increasing number of sessions being accepted at major conferences including the Confidential Computing Summit and RSA Conference North America. What we’d love to do is make the most of these opportunities with members of the Consortium, so if you’re attending or exhibiting at any conferences, please let us know: we always look for ways to coordinate and amplify each others’ efforts.

CCC Outreach Activities

Kicking off the year with a bang! February was full of CCC activities at industry events. You’re invited.

Upcoming Events

• PET EU (Feb 27-28): CCC is an Associate Partner for PET series. Use the discount code ‘CCC10‘ and join us in London!
  • [Presentation] Confidential Computing and AI: Securing Data and Driving Innovation by Simon Gallagher (Microsoft)
  • [Panel] Fortifying Privacy and Security: The Power of Confidential Computing Solutions with Simon Gallagher (Microsoft), Andreas Walbrodt (Enclaive), Bertrand Foing (Secretarium & Klave) moderated by Mike Bursell (CCC)
  • [Panel] Building an AI Toolbox: How to Utilise Regulated Data Enterprises with David Pollington (Bloc Ventures), Amir Tabakovic (Mobey Forum) moderated by Sal Kimmich (CCC)
  • [Roundtable] Protecting Privacy in AI and Emerging Technologies led by Sal Kimmich
  • [Welcome Reception Jeopardy!] Co-hosted with Partisia. Jeopardy led by Sal Kimmich
• OC3 (Mar 13): Sal Kimmich speaking on “The road ahead: How confidential computing will evolve in the 2020s and beyond”
• OSS NA, Seattle (Apr 16-18): Get ready for the CCC Mini-Summit.
• RSA (May 6-9): All members who are exhibiting or planning to attend, LET’S COLLABORATE. CCC will have a booth and we’d like to support our members. Reach out to the Event SIG link below and let us know if you haven’t already! 
• CC Summit (Jun 5-6): CFP for CCC breakout sessions will be available soon. Join the Outreach Committee call to discuss more.

For any questions regarding CCC events, email Events SIG.

Got Content?

You can submit your request via the CCC Content Request Form.

Covered content:

• Blog post
• Social post
• Webinar
• Newsletter
• Case study
• Meet up
• Other

Submit content request

CCC Technical Advisory

The year is off to a strong start in the technical community. We are anchoring our contributions on a common view that by working together as a community we can make the world more secure with Confidential Computing than we could as individuals or individual companies. Our work is organized into three streams: Projects, Ecosystem, and Community. By the end of this year, we will be able to say: 

Projects: As an open-source organization, we helped our projects grow.

• We coached our projects to adopt security best practices according to OpenSSF guidance (best practices badge).
• We actively mentored our projects on how to gain adoption.
• We facilitated collaboration for CCC projects including with the Linux Kernel 

Ecosystem: As security practitioners, we informed security and privacy compliance, standards, and research.

• We identified influential compliance organizations & appropriately recommended CC in public documents.
• We evolved understanding of attestation and aligned on protocols and formats.
• We engaged with academia to encourage and publicize CC research and study.

Community: Our community is growing and healthy.

• We encouraged our projects to take LF Inclusive Open Source training.
• We have sought out and welcomed new contributors
  • by representing CCC at conferences
  • facilitating project issues and pull requests
  • by participating in mentorship programs such LFX Mentorship, Outreachy, and GSoC to ramp new people in our SIGs and committees

It’s a full year of work ahead of us, but with the active contributions of each of us, we’re going to accomplish each of these goals! 

Take LF Exclusive Training

Technical Community

Searchable Glossary of Confidential Computing Terms
We’re creating a glossary of the standardized terminology, and communicating with other regulatory bodies like the CSA to use this glossary as the field standard. We welcome contributions to the CCC Glossary Repository for review and discussion now. These terms will be available directly on the CCC website shortly following that process. 

Introducing the New Kernel SIG

The CCC is excited to announce the development of a new Special Interest Group (SIG) focused on the Kernel. 

This SIG aims to:

Facilitate dialog between Linux kernel and Confidential Computing subject matter experts:

• to facilitate direction for topics that need formal collaboration,
• to have an additional venue to facilitate direction for topics that are stalled on LKML, which would benefit from higher bandwidth communication,
• to have a common place to record decisions and formalize the output for others to reference,

and to introduce new technical topics emerging in either domain, e.g., attestation mechanisms approaching standardization.

Learn more about the Kernel SIG and how you can contribute to its foundational goals. 

Kernel SIG Proposal

Engage Your Legal Teams in Our GRC Efforts

We’re calling on members to involve their legal teams in our Governance, Risk Management, and Compliance (GRC) initiatives: you can join the GRC mailing list to learn more. These efforts are focused on developing Patterns for Confidential Computing that align with common regulation standards, and sector-specific regulatory obligations. Your legal team’s input will be invaluable as we strive to ensure that confidential computing technologies meet and exceed regulatory requirements.

Join GRC mailing list.

Open Source Dashboards

Soon, all Linux Subfoundation Open Source Projects may be featured on the LFX Insights platform, integrated with new insights for projects from the amazing CLOMonitor. This advancement promises to provide CCC members with critical data on project documentation, cybersecurity readiness, and more. Here are just a few of the important metrics that projects will be evaluated by:

Comprehensive Documentation and Licensing Checks: Ensures projects have detailed README files and clear open-source licenses, facilitating easier adoption and compliance.

Security and Dependency Management: Offers vulnerability scanning and dependency analysis, helping projects identify and mitigate potential security risks before they become issues.

Diverse and Active Community Engagement: Measures contributor diversity and issue engagement, highlighting the project’s inclusivity and responsiveness to community feedback.

Code Health Monitoring: Tracks codebase activity, including commit frequency and issue resolution times, to gauge ongoing development and maintainability.

Project Vitality Indicators: Analyzes release frequency and adoption rates, providing insights into the project’s momentum, popularity, and impact within the open-source ecosystem.

More from CCC Community

• How Confidential Computing Meets Modern Customer Needs – Enclaive
• Highlights from the Confidential Computing DevRoom at FOSDEM – Confidential Computing Consortium
• Webinar Replay “Confidential Computing Demystified” – Canonical
• Subscribe to Confidential Data and AI Newsletter – Opaque

Hello Community Member,

Welcome to the New Year. We’re excited to continue to connect with you and help drive innovation. You’ll hear from us on a monthly basis (at least) for any news and insightful information.

A quick reminder of what we’re about: Confidential Computing Consortium is a community focused on open-source licensed projects securing DATA IN USE and accelerating the adoption of confidential computing through open collaboration. We welcome all members and projects to be involved and engaged. We’re all contributors to shaping the future of Confidential Computing.

Without further ado, let’s get into the content.

CCC Presence in 2023

We wrapped up a busy year of growth and lots of activities. By bringing in the new Executive Director, Mike Bursell, along with our community members’ participation, we’ve increased our presence at industry conferences significantly.

You can hear from Mike on how his first year at CCC as the ED has been and where he is looking to take on in 2024 in his blog.

Technical Community

In 2023 we focused on growing three things: our projects, ecosystem recognition, and our community. Our technical community made great strides on each of these. Our open-source project portfolio is wider and more mature. Outside of the CCC, we contributed security expertise to public documents and standards organizations. As we grew to deliver these projects and papers, we maintained our emphasis on growing a positive community where everyone is welcome, and anyone can learn and contribute.

Read Open Source Highlights

Welcome, Sal Kimmich

We’ve started the year off strongly with the addition of Sal Kimmich to the CCC staff team as Technical Community Advisor. Sal has lots of experience in open source communities and security, and is already shaking up what we’re doing (in a number of excellent ways). Expect to hear lots more from Sal. Read more on Sal.

What’s New…

1. Newsletter: We’ll be bringing you more insightful news from all across the CCC horizon. We’re going to have a regular segment update covering TAC news, Outreach news, Member/ED news, and Project/TCA news.
2. Outreach SIG: Outreach has new SIGs! In 2024, we’ll be upleveling the outreach efforts across these 4 main focus areas:Events, Web Presence, Technical Documents, and Demos. Each SIG has a lead and participating members to streamline the process. Join us in our bi-weekly Outreach Meeting to participate.
3. New Look, New Presence: CCC Outreach brought in Linux Foundation’s Sr. Marketing PM, Jen Shelby, to make CCC’s external presence to be cohesive and organized. She’ll be working closely with our Web Presence SIG to improve our website, external publication, social, graphic design, and so much more. 

Member Benefits: If you’re unclear about what you can get from participating in the CCC, check out the new benefits page on the website. We also want to encourage ecosystem growth, particularly around start-up participation. For any members, prospective members, or anyone with use cases for or interest in Confidential Computing who wants to get in touch, email Mike Bursell (ED) to see how we can help.

Upcoming Events

Take a look at our upcoming industry engagement and see where you and your team can participate.

1. FOSDEM (Feb 3-4): CCC is hosting a social hour to support the Confidential Computing Devroom. Email Event SIG if you want to RSVP.
2. State of Open Con (Feb 6-7): TCA Sal Kimmich is giving a talk.
3. Rocky Mountain Cyberspace Summit (Feb 19): ED Mike Bursell is attending.
4. PET EU (Feb 27-28): CCC is an Associate Partner and will host multiple sessions. 
5. OC3 (Mar 13): CCC is hosting 15-min session.
6. OSS NA (Apr 16-18): CCC is hosting a Mini-Summit.
7. RSA (May 6-9): Come see us at the CCC booth. All member companies are welcome to collaborate with us. 
8. CC Summit (Jun 5-6): CCC is co-hosting the conference.

**For your inquiry, please email Events SIG.

Member Content

Enclaive.io Enclaive.io cordially invites you to the public preview of the virtual Hardware Security Module (vHSM) – a breakthrough in key management for cloud environments. Leveraging advanced confidential compute and virtualization, Enclaive’s vHSMs offer unmatched scalability and flexibility, easily adapting to dynamic requirements in modern data centers. To sign up for the public preview, please contact Enclaive team

Industry Scoop

• 2024 Trends in Data Technologies: Foundation Models and Confidential Computing – Inside Big Data
• Sovereign cloud and Confidential computing shaping cloud’s future – HCLTech
• Confidential Computing Market projected to reach USD 7.7 Billion by 2030, growing at a CAGR of 5.9% during the forecast period of 2023-2030 – MarketDigits (Yahoo Finance)
• Sylabs 2024 Predictions for Container Technologies: Embracing Performance, AI, and Security – Datanami

Welcome to the October/November 2023 edition of the Confidential Computing Consortium newsletter! We look forward to sharing every month news about projects underway, new members, industry events and other useful information to keep you updated with what’s happening at the consortium.

Linux Foundation Member Summit

The Linux Member Summit is for leadership of the Linux Foundation, LF projects and major open source initiatives.  This year it was held in Monterey, California, and Mike Bursell (Executive Director) and Stephen Walli (out-going Chair of the Governing Board) attended and delivered a session entitled 50+ companies, 500+ opinions: Aligning Activities with Member Priorities, discussing the history of the CCC, the challenges and opportunities presented by its diverse membership and the approaches being taken to mitigate and capitalise on them.  The model of minimum-viable governance received a number of questions from the audience and engagement after the session.

A small number of governing board members also met in person for a GB meeting (with others attending virtually), and there were also discussions with existing members, potential members and other projects (Linux Foundation and others) with a possible overlap with Confidential Computing (such as the Linux Foundation’s Digital Trust project).

Privacy-Enhancing Technologies Summit

In November, the CCC was associate sponsor for the PET Summit Singapore, curating the first morning of a two day conference (agenda).  Mike Bursell (Executive Director) moderated the initial session of the conference, introducing Privacy-Enhancing Technologies in general and talking to experts from a variety of backgrounds. Richard Searle of Fortanix then moderated another session, looking particularly at Confidential Computing and the impact it is having on industry today, followed by presentations by Vikas Ujjwal Kumar (Lead Architect
Microsoft Technology Centre APAC, Singapore) and Ayush Batra (Regional CTO, Intel). Mike closed out the morning with a presentation about Confidential Computing and the work of the CCC.

The rest of the conference looked at various PETs, situating them strongly within a business context, and with strong representation from local agencies and organisations.  Notable was the focus on the importance of focussing on the problem that PETs solve, rather than looking for solutions that a particular technology might address.  The IMDA (Singapore’s technology hub and regulator) was the other major sponsor and runs “sandbox” projects to identify and solve issues with the use of PETs: they are very interested in projects from members of the CCC.

This conference was an opportunity for the CCC to execute on its strategy of expanding engagement in the Asia Pacific region and led to interest in membership and collaboration with various organisations, as well as the opportunity to meet in person with several existing members.

Thanks,
The Confidential Computing Consortium