Confidential Computing: why it HAS to be open source

Confidential Computing is the use of hardware-based TEEs (e.g. Intel's SGX and AMD's SEV) to protect data and applications in use: that means that you can run workloads on a compromised or malicious system while still be assured that their confidentiality and integrity is protected. Setting this all up and deploying it is complex and has lots of moving parts. This session will discuss the core components, and look at the impact of who's running them, who supplied them, and whether they're open source. It will use the Enarx project (https://enarx.dev) as an example open source project to show what choices can be made to prioritise security and the importance of openness (in not just the code, but it's development) to the project and its success.