 All right well good morning everyone and thank you for joining us for the confidential computing consortium panel discussion today. Please have you join us we're going to talk for a few minutes today about the continuing growth and exciting evolution of confidential computing as a technology, as a market, and as a new opportunity for all of us as technical and security professionals. My name is David Green. I'm the chair of the outreach committee for the confidential cleaning consortium. I'm also the chief revenue officer at Fortanix, one of the companies active in the space as a software provider for confidential computing solutions. And I'm honored to be working today and talking today with Ava Black and Mike Burcell. Ava, why don't you go ahead and introduce yourself and then Mike you can be the same. Sure, so my name is Ava Black. My pronouns are they and them and I work right now in the Azure office of the CTO. When I started working with the foundation I was in our confidential computing team so I've sort of seen it from in a product group and sort of just as an open source advisor. I don't currently have an official role in the consortium. I'm just kind of a near due well hanging around kicking up trouble everywhere I can. Who does small projects like organize the developer forums? Yeah, little things like organize a conference and keep start our attestation working group, you know. Excellent. And Mike? Yeah, hi, I'm Mike Burcell. He and his and I am a CEO of Profion, a startup. And before that I was with Red Hat and I've been part of the open of the confidential computing consortium from the beginning when Red Hat joined as one of the founding members. And I've served on the the governing board on the technical advisory committee. I've hung out in the outreach committee a bit. I've been involved with a special interest group. I've even acted for a while as the treasurer. So I've seen all different parts of it. So yeah, very pleased to be here today. Excellent. Excellent. That's great. Well, thank you both for being here. And for everyone who's joining us, the confidential computing consortium, if you're not familiar with the organization, is a community that's focused on open source license projects that are looking to secure data in use and accelerate adoption of confidential computing. The core idea of confidential computing is that we want to protect data across its entire life cycle. We've had at our disposal a strong series of technologies for securing data at risk and securing data in transit. But we haven't had a good solution for securing data in use. And fundamentally, that's what confidential computing is intended to do. The core work of the project focuses on open cooperation between different vendors who are helping to build the ecosystem and the technology framework in the space. And also we're driving a set of open source projects that can start to make the power of competition being more broadly available across the industry to users everywhere. And as you've heard, we have two of these key people have been helping to create that here. You know, Mike, now you were involved on day one when this whole thing got started. So maybe you just give a little context. So what was the impetus for the consortium? Why did these companies come together? So I was involved for kind of day minus several actually. Yeah, so a bunch of folks got together. I mean, Intel was one of the initial people interested. And then IBM and Microsoft and started saying, look, this is important stuff. And we think that it's important in the context of open source. And wouldn't it make sense to have a consortium, a place we can talk about stuff which avoids all the anti-competitive, anti-trust stuff. And we can actually have real discussions, technical discussions, talk about the market, how it's going around these technologies, trust execution environments. And then it really started building from there. IBM talked to Red Hat. We've been bought by them by then and said, look, what do you think? And we said, Red Hat said, well, we've got this project that is in fact in this space. We think it's a great idea. And it just went from there. Other people were invited. And I think the foundation was officially kicked off in October 2019. It has sort of three different types of membership. There's the premier members, there's general members, and there's associate members for people like academic or government entities who want to be involved. Yeah, so that's how it kind of kicked off. And just to kind of add to that context, Mike, so the premier members right now just give everyone a sense of who some of the people helping to drive this forward are. Our Intel, as Mike mentioned, Red Hat, as Mike mentioned, as along with Accenture, the Ant Group, ARM, Facebook, Google, Huawei, and Microsoft, Avis Company. And there's sort of 25 or so general members. And we've got another 25 general members. And again, those are a mix of companies. Some are more startup companies, like my company, Fritanics, that are trying to build out the new technology in the space. Other are established industry players, people like Cisco, who are actively monitoring the space and looking how they can contribute to it along the way. Absolutely. I think one of the really important things to mention actually is that all of the major chip vendors are members of the consortium. So Intel, AMD, ARM, and IBM via the Red Hat, IBM sort of collaboration. So there's a real, you know, the hardware vendors are behind it, which has lent really good momentum to what's going on. Now, Eva, you also got involved very early, not quite at day minus whatever, but how have you seen the work of the consortium and more important the marketplace for a company screening of all over that time? I think I started probably around January, February, I think was RSA, February 2020 was RSA. And that was the first time I met a bunch of folks in the group and sort of really jumped in with both feet. And there was a lot of excitement and a lot of interest from companies, I think we had, I want to say it was like five open source projects that were kind of coming in, three that were like really well known and a couple more kind of in the wings. We've had more open source projects join. I think there's been a lot of really good cross industry connections coming out of us in the what year and a half since I joined a year and three quarters. A lot of work between this foundation and other foundations to start pollinating the ideas. How do we enable confidential computing use cases into cloud native computing into other areas? And some of my work right now with supply chain security, the same concepts come up there. How do we do attestation? How do we do isolated execution environments, runtime environments? And I'm seeing work spin up around like the Linux kernel and containers to protect workloads of use. So really, we've created a good center of gravity for work happening in a lot of places. Well, and what's interesting, if I think about what I've seen happen, so my introduction to the consortium actually was the press release going out, I think my second week at Fortanix. So what is this thing and what is going on you all? It has been months of the process at that point, right? But I think to me what's happening and to come at you just made Eva, the ideas have been translated into technology and the technology has been translated into projects and in the real world. And I think that's to me been the most exciting shift over the last two years is confidential computing moving from interesting idea that we can talk about academically to interesting applications in industry and in companies that we can start to see it paying off. And that may be in things like security analytics or security devices and things on those lines. Yeah, I agree with that. I think one of the other things is that there's been a sort of gelling of understanding of what the technologies are and how you define them. So one of the things, the outreach committee, so the outreach is what we decided not to call the marketing committee for those who don't come to it because nothing wrong with that community basis. So the outreach committee has done a great job with the other folks as well. I think of working with people like analysts to say, well, when you're talking about confidential computing, are you talking about the same thing as the rest of the industry and trying to align the industry on what we're talking about? And I think there's still some work to do, obviously, but I really do think that when you talk about confidential computing now, you can do so with some sort of certainty that if either people kind of talking about or you can point them at a well defined description of what that is. And there have been some white papers published by the confidential computing consortium which helped to find the stuff and allowing people to have those conversations yet leads to exactly the sort of stuff you're talking about, David, where people can say, okay, this is what we're doing. Here are some market opportunities. Here is the sectors that are interesting. Here are some projects which fit or don't fit or might fit in the future in exactly this realm. And I think that's been a really positive and really important part of what the CCC has done already. I agree, Mike, and let's not forget open source. Let's talk about some of the components of this, Ava, maybe that's a good segue that would slide on some of the projects that are making this happen. Do you have any particular ones in mind? No, I'm sorry, I didn't mean to catch up. I keep you covered. You've got the path you're heading down. I'm just thinking of the amount of work I've seen in other groups, other open source projects or foundations to pick up the concepts that Mike, as you said, we have done a lot of the outreach from the consortium through the white papers, to work with analysts, through conferences and talks to help align everybody on consistent terminology and an understanding of what this technology enables. I'm appreciating a lot of that sort of percolating up into places like the Cloud Native Computing Foundation, Linux kernel, Cata containers. We're seeing the same concepts now with consistent sort of collective understanding and reference points actually getting worked on. Whereas two years ago, I think a lot of that was nascent. People were aware of like, yeah, the chip vendors are working on something, but we don't know how to use it yet. I think that one of the things that we hope to talk about in this panel was how we got to where we are. And I think this is one of the interesting things. From the beginning as a group, and I have to give a lot of credit to Steve Wally, who's the chair and has been in the beginning of the CCC for trying to push us in this direction. He was always of the opinion that this should be a body which is about welcoming and working with rather than just getting as many logos on the page as possible. We prefer to have fewer people working really well together and reaching out to the rest of the community. And what Eva is saying is absolutely key. If we're just doing stuff on our own, well, that's kind of lovely, but doesn't really help the broader picture. And this is about a change in the industry, and that means the community needs to work out how to engage with that and have a way of maybe a center, not even a center of gravity, but certainly a way of guiding and working with. And that's what I think the CCC has tried to do, Eva. A big part of I think what you're well referencing though is actually the consortium putting a framework in place for what you need in terms of the components of confidential computing and the elements of confidential but not to prescribe a solution. We are not trying to say this is the tool or the technology you need, one of X, one of Y, and this is how you put them together. We might give some examples, but we're not trying to prescribe that or tell anybody else exactly what they're supposed to do. And that's really important to how we build a community, how we enable all of this. I've been pretty clear in my work with the TAC and the attestation working group, and to Mike to your question of is it better to be a smaller group with better sort of more cohesion or a bigger group with more things in the tent. There's a good tug of war across that discussion everywhere. I'm of both opinions. We should welcome all projects, but it's beneficial to all projects for us to work together and to reach out to other groups and see where we can collaborate and it's really important. No, I didn't mean to say that we should be having a very small tent. It's all about it and we've always been very welcome in, I've been part of what it is. We've always said that all meetings are open to everybody. And all projects are welcome enough we need to do. Sorry, what was that even? And all projects are welcome in that tent. Absolutely, yeah. It's just about saying we don't want to just pick up projects or companies or organizations just to have a really long list of logos. It's about being inclusive without just ticking as many boxes as possible. That doesn't really help. One of the first work streams that I like, you were heavily involved in with Dave Thaler and this was in progress when I joined. I think it might have finished just a little before I met you, David. I was defining the mission and the scope of the consortium. You were there for that, right? Because I think that's an important, that was an important boundary to set in the evolution of the organization and the market opportunity. Yep, it's been crucial and in every open source foundation that I've worked with over the past while, right, you need to define sort of what's in and what's out. And that's not to exclude anybody, but to create a cohesive community working together towards a specific tangible objective, right? And so what is the consortium? Maybe elaborate for a minute for those watching this. What is in and what is out as a result of that work? Well, should I read the definition if you go to the very front? Yes, go for it. It says the confidential computing consortium is a community focused on projects securing data in use and accelerating adoption of confidential computing through open collaboration. We've got open in there, we've got confidential computing in there, we've got community, we've got projects, we've got the brief data in use thing, which is kind of the core thing we're trying to do. It took quite a lot of crafting. It took a lot of time. It does a pretty good job. And that's backed up by the tax definition of what is confidential computing, right? Yes. The mission statement references confidential computing without defining it and then the tax defined it. And that work collectively took, what, a year? It sounds like, I know, it took a lot of time. It sounds like you just wrote a sentence. Why did it take all of these people a year to write a sentence? Because of the importance of this in defining a community, I do want, you know, this panel is about how do you build and grow a community and what has our journey been. And that has actually been a really important part of it. And that was a very constructive part of it too, right? And so, you know, what was the outcome of that, Eva? And also, what did we learn as an organization? Do you think in the process of getting to that outcome? It's all about the process, not the journey, not the destination, right? So the process of all of the premier members and a bunch of the general members working together for a year to come up with this also changed all of those organizations in subtle ways. It got us to agree, right, on what is confidential computing and what are we working on together in this foundation? That effort of bringing everyone together to the table and holding space and giving time to come to that consensus, excuse me. That's the critical part of community building. It's the people. Let me read out what the definition is as well. So we've talked about what the mission is and the definition. This is the first sentence in the main body of the white paper, the technical white paper is confidential computing is the protection of data in use by performing computation in a hardware based trusted execution environment. And immediately after that, it says c-section 4 for the definition of a trusted execution environment because it would be far too simple if we just had one thing, right? But we spent a lot of time. Almost every single word, and I think possibly every single word of that was was debated. And or the, I mean, we're debating partially extensively. Level of that. Oh, by, with. But it was really, I think, really useful for the community. It helped us build, you know, a shared purpose. But the other thing is at the personal level, it allowed people and organizations to get to know each other, to realize that people, why people had the agendas they did, to realize where compromise was possible, why compromise was possible, was sorry, was possible and important, and to get to know each other and to work out what sticks were in the ground and why. And what we needed to do to step past some of our expectations to think beyond just our little companies or our big companies and out into the wider market. And it was a really interesting thing. And one of the things I've really enjoyed about this community is the, is the respect that, you know, we, people have for each other at the technical level at the personal level. It's one of the things I'm really sorry about, is that, you know, I'm not going to make it over to the open source summit this year, because there's a whole bunch of people I'd love to be chatting with over a glass of something. And this might happen. Break that download mic kind of on the two dimensions we've been bouncing between the right there, there's the content dimension, there's the process dimension, right. So from, from the, from the, when you have a definition like that, we focus a lot on what landed on the page and went in, but there's a whole body discussion about what didn't make it and what got left out. And I think sometimes it's really interesting to draw that. So as people who were there as part of it, you know, what was it that was in and out, and then I want to talk about more about the process of how that how that happened was for organization. Okay, so I talk about so some of the content and if you want to talk about some of the process throughout that. Sure. Okay, fine. Okay, great. So one, one thing that is out is, is the word or the words and applications. Okay. Okay. So confidence computing is the protection of data in use. Now we could have put and applications in use. And there was a huge discussion about that. I, I, I fell down very strongly on, yes, we should have that and decided actually that was something that I could give on. And the question around that is, do we feel that in order to say something is confidential computing, it has in all cases to protect not just the data, but also the workload that is operating on that data. And we decided there were occasions when that might not be the case, or there were people, you know, there were technologies where they might get excluded, where that wouldn't be fair because actually it probably did edge into what we generally felt was confidential computing. So that's a really good example of, of something that was, was done hardware based. That was a really strong one. That would, that took a long time. What do we mean by hardware based? So that's a further definition of the document in, in hardware or with hardware. We ended on hardware based and hardware based. Yes. So CPUs was an option. We said, no, we don't do that. Cause in the future it might be GPUs or, or DPUs or pretty much anything you could think of. But hardware we felt was important. Things like Enclave was thrown around, but that's a specific term associated with particular technology. There are a whole bunch of this, but the hardware based was a, was a, a long fall. I wouldn't say battle. It's not really thought it was a much debated topic because we thought that it was really, really core to how to get into that. So there's just a couple of, couple of the, the phrases that, that had a bit of a go, one that got out and one that stayed in. In terms of the process and the impact that this debate had, right? It dragged, it dragged on. It took about a year that I remember for, for this particular discussion. And in that process, I know I learned a lot more about the space. I think everybody did. We learned about each other's use cases. We learned how to go each other, negotiate, push and pull in conversation. And as Mike said earlier, we learned how to trust each other more because we were debating in good faith. You know, I, I have a very particular style of argument or discussion, which tends to be going really hard with what I feel and debate that as hard as possible. But if I give to step back and do that, other people have very different ways of doing that. And one of the things was realizing that my style wasn't always appropriate for particular types of discussion. And Avery's very good at nudging, nudging me and other people I think on occasion. Maybe, you know, maybe on the back channel, you might want to just tone that down a bit. That's part of building, that's part of building an inclusive community. Absolutely. Absolutely is. And having, so I think, you know, if we're talking about building, it's not just about the people with the strong technical views. Or the loudest voices. You need lubricants. You need people who can push and try and encourage in different ways. And I hope that, actually, one of the things we've learned is that each of us can be that in different situations. Yeah. And I prefer the phrase hold space. Right. You hold space, but then you have to keep everybody in that space. And sometimes that means reaching on the, on a back channel to say, hey, right now you're making the space less welcoming for some people. So tone it down or, hey, let's make, let's, let's pause a moment and make sure this person has a chance to speak, has space for themselves and their opinion to be brought into the room as well and be seen. Right. So that's all part of, and really essential and really essential to community building and the work we've done in the past two years. Well, and Ava, and also to come, like you, me, and I go, it also does go back to part of the core charter of the organization of every member's welcome, every product meeting or interior's welcome. We're a transparent, collaborative community. And as members, contributors and leaders, we pledge to make participation or harassment free experience for everyone. Yeah. Those are great words on a page. It's a matter of practice, dogma to actually live that. And it's, it's ongoing work. It's never done. So tell one of the stories from the trenches, Ava, because I'm sure there was a moment where there was a contentious, there was a contentious, contentious debate. You can use me, Ava. You can use me. Yeah, you know, there might have been this guy from Red Hat who was kind of hard to work with something. I don't know. Share one of the battle, the battle stories of this, so. Honestly, I, as much as, as Mike has his style, my style to, to dive into those moments, uh, crucial conversations is to do my best and let them go. So I don't have one at the ready. Okay. If you have a time in mind that, you know, when, when I, uh, I don't know, I don't know how you look at it, range you in or message to you. While he pulled to the side and they said, remind me and I'll probably remember it and talk about it. Well, I, I, I, I don't think there's one in particular that I would call out actually, because they, it just feels like we've, we've come to a, uh, we've come to, well, if there've been times Ava, when you and I have come, uh, with slightly different views, but we both know that each other believes very strongly in open source and openness and transparency. So when we'd be discussing some of things about how we have to do community, it may be that we have a different approach to it, but we know that we can almost certainly reconcile them because the principles are coming from the same place. And I think I know that you have a similar level of experience in open source as I do. So we, we have a shared language there and that helps, uh, that helps to, to, uh, be able to talk about the things that are happening that may not be obvious, sort of undercurrent of a conversation. And I know there've been a couple of times when there's been a heated discussion and I'll just pin you in the side and say, Hey, you have a few minutes after this call to talk and then back away from it in the call so that there's no visible conflict. We don't need to have that debate and take up everybody's time going at some, you know, difference of opinion. And then we just hop on a, you know, Zoom call just the two of us and hash it out for 20 minutes and then end up talking about your book collection or my book collection or a tee or a whiskey or something. There's actually another aspect of this I'd quite like to touch on if that's okay, Ava. Is that something you wanted to go for? Go for it. Which is, um, you read out, David, the thing, uh, which we tend to say at the beginning of meetings, which is about, you know, every member's welcome and, uh, as involved. And, you know, one of the things again that, that Steve and us as a group were keen to make sure, um, was, um, clear from the beginning is that it's not the size of the company that gives you the, uh, you know, the important voice. So, um, when I started, I was part of Red Hat and that was, you know, a fairly big company in the space. Um, and, but right from the beginning, there were smaller voices who, when I had things to say, we're absolutely up there. Now, there are voting members, but actually we only generally do votes for when projects come in, um, when we need to spend money and stuff like that. And it's generally that the, the voting members are informed by the rest of the membership. So, you know, when I left Red Hat, uh, and I joined a startup to start up, we weren't, we weren't even officially part of the, um, organization. Um, I still felt I had a voice and I, I established myself and people, you know, I, I, I'm quite good at finding a voice and finding some of my best myself. I don't think I'm alone in that. I think there are other organizations. Well, that, that, that's certainly been an experience, that's certainly been an experience of coming from a much smaller company, right? Thinking that we're going to sit at the table with, you know, with, with, with Red Hat and Microsoft and have a vote, have a say. And we absolutely have, right? I think it's been one of the reasons why the community has thrived is, you know, a young company like Fertanix can walk in and, and be part of the conversation, right? And then the, and the interactions are there. And I think this does speak to the, the kind of the, as the organization evolved, the scaffolding has evolved, you know, starting with the right words on the page in terms of the chart that kind of sets the tone, you know, a group of members that have been lived that, you know, why do you have to, why do you spend a year on a definition? Because you need that, you need that anchor point to ground the discussions, right? And I think, I think that the being deliberate in forming that scaffolding is what then allows the other activities of the organization to kind of thrive. I like the phrase scaffolding here. I think we've done a really good job as a foundation, you know, community of practice building out scaffoldings that rapidly enable work, right? Whether it's startups in the space engaging with the user, user council or technical projects in open source, approaching the foundation and saying, hey, we'd like to contribute this. And we have a program from the TAC that, you know, starts to assign mentors or find mentors to help those younger open source projects find their way in to this foundation and connect to the community. I think that's been really helpful to a lot of, a lot of the projects. When I approached and said, hey, I think we need an actual working group for attestation. It cuts across all of the companies, all of the projects, the sort of the central axle, if you will, of the flywheel of confidential computing, how everything connects together. We need a space for those discussions to happen. We didn't have a precedent for that as a group, right? We've never established a working group before. And it was pretty easy for me without any official role to just say, hey, this is how I set up working groups in other foundations. We copy that or change it for our needs and didn't take that long. You've both come in an open source a few times. You're just watching our time here. Would this be a good time to elaborate a little bit more about some of the open source projects and how that's working within the consortium? Yeah, fine. There's one more thing that's a little briefly touching because I think it plays into what we're talking about. We'll circle back, I think. And that is that another things we decided to start with is when people will know the phrase minimum viable products, everyone knows about this, we decided that we should go with minimum viable governance as few rules as you need to make sure that you can build the frameworks, basically. And that has done us very well. There've been times we've had to add a little bit or even sort of tweak things back a bit. But saying we don't need a charter which is 15 pages long and only most of the charter really deals with membership and have projects and voting and voting. How do you control a budget? Exactly. It doesn't deal with the minutiae of how you get together for a meeting and all those sorts of things. And that's been very helpful for us. Sorry to bang about that. But I think it kind of fills out that conversation we've just been having. Yeah, that's great. The flip side of that, excuse me, the flip side is we are really trying to work with the projects to enable as much interaction between the projects and the tack or projects and each other or projects and other companies as those projects want. And that flexibility, to Mike's point of like, the governing model here doesn't prescribe specific tools, but it does say go be helpful. And how is the consortium, do you think, help facilitate that? What are the lessons and what's been working there? Having a mentor, someone who's been in the foundation for a year or two, who understands how and has the connections in place to support a younger project, maybe coming out of a research group or university who doesn't have the industry connections when they need to pass through some step in the legal process of contributing IP or holding a meeting or joining an event. Maybe they don't know how to set up a mailing list our way or they want some help doing it. That mentor is just really a facilitator to connect them to the folks, whether it's at the Linux Foundation or the TAC or the governing board who can do that or for projects like we really would love to run a CI system. Our little team at this university or startup or wherever isn't well funded enough. We'd love to expand this to meet the needs of our community. Sometimes that kind of proposal becomes or the TAC mentor can help that become a proposal for the TAC to fund it. How do we connect the dots to support projects is the biggest sort of service that we provide to projects that want to join? I've got an example as well. There's a project which I'm associated with called NARCS, which is one of the first projects in the CCC. Recently, NARCS has got a community manager and the community manager is thinking, how can we grow NARCS and thinking, okay, we could do outreach and some intern stuff and hackathons and stuff. Speaking with Nick, who's the community manager, we realized very quickly and he realized that the wrong thing to do was for NARCS to do this. The right thing to do was to go to the CCC and say, wouldn't it be great for confidential computing if we all did this or as many of the projects we can work together on it? We can all benefit from it. There's economies of scale and economies of scope and let's do this together. Frankly, it's something which each product could have done on its own, but it makes a whole lot more sense to do that. The framework to do that, the minimum viable governance, was really simple. Basically, he convinced a couple of other people on the outreach committee that it probably made sense. They went to the outreach committee and presented it as an idea. The outreach committee said, well, yeah, okay. But let's just check that the technical advisory committee, the TAC, thinks a good idea. It was spread to them. They said, yeah, I said, now it's happening. Just a few short weeks. I think that's a pretty good example. I think a great demonstration of what you're both talking about was the developer summit that was held back in the summer. That was your brainchild. That was my baby. I talked a little bit about what was the intent there and what came out from that. My desire grew out of seeing all of the projects doing their own thing last year. I really want to facilitate within the foundation, all the projects connecting. I've always seen great stuff happen when developers working on similar things talk to each other. I wanted to facilitate that. OpenStack used to have a dev summit. Kubernetes has a dev summit. Ubuntu has always had a dev summit. A lot of open source projects have these events where developers come together and sit around a whiteboard physically or virtually and hash out their ideas. Across project boundaries and that cross-pollination of ideas really helps accelerate the growth of any technical project, especially in open source. I wanted to facilitate that in the middle of the pandemic when it's really hard to just meet up in a hallway or a conference room and have that conversation. I spent a while talking to folks in and outside of the CCC what tools could work for that. We put together a committee of volunteers, some from this foundation, some from other foundations. Again, trying to build that cross-community connection, I found volunteers from other communities that are adjacent to confidential computing and would benefit from using it, like cloud native computing. We're all going to need to get there and lots of companies in this space are doing confidential containers or confidential VMs. It made sense. It was a natural fit there. I put together a team of volunteers and put together a day, a single day of events, one track of invited talks, and a couple of different rooms for developers to just go meet and hash out ideas. Each room had a moderator, our facilitator, who was just there to keep things on the rails and take some notes and call time. That was really it. Some of those rooms were fantastically successful. Here, I'm defining success as more than four people had a good conversation. Right. That advanced the cause. Yes. It advanced the technical work that the people were doing. At the beginning of the day, here's the fun of an unconference is I didn't set the schedule. Other than those invited talks, I didn't set the schedule. Everyone who attended, and I think we had 300-ish, 250 attendees, something like that. I have to go check my notes. A bunch. It was really good for a pandemic conference. They all pitched in their own ideas, and all we did was hold the space for smart folks with ideas to get together and talk about it and advance this work. The minimal viable governance and action. Exactly. There's something I think it might be worth sort of explaining, which we haven't really touched on, actually. When Ava says she managed to get stuff together, and these different projects, you might assume that these projects are very aligned technically. Things like the OpenStack community, for instance. They're all parts of OpenStack. They're all part of one thing. They fit together. CCC has a whole bunch of projects which have different approaches using different technologies, different programming languages, at different places in the stack to do stuff associated with confidential computing. I think things like the SIG, the Special Interest Group on Attestation, is where we're bringing some of their concerns together. But when it comes down to it, if you look at the work that NOx is doing, versus the work that Grameen is doing, versus what Oculom is doing, versus what the OESDK, OpenOclair SDK is doing, they have very different approaches. You can't just assume that people are going to work together. It takes some doing to find points of reference, share points, and sometimes points of contention is useful as well. Something you can niggle at, which is different from sets of people. That could be a good starting point for discussion and stuff as well. I don't mean a bad way. We're doing things this way. You're doing things this way. Let's talk about why that is. That can be as useful as saying, well, let's all do it the same way. I think that you mustn't assume when you come to the CCC that all of the projects look together and you can have one makescript and it all works together. It's almost the opposite of that. Back to building an ecosystem. An ecosystem is a really diverse place. In fact, that's really important because part of the ecosystem is something that we're working on at the moment is about this user, what's it called? The end user council. The end user advisor council. That's why I was getting the wrong names of that. That's trying to encourage people who wouldn't necessarily be part of the consortium because they're not doing the technical low-level stuff or they're not invested at that sort of level, but want to be using confidential computing for stuff, whether it be banks or governments or pharmaceutical companies or healthcare or Edge or whatever it may be saying, come, here's a space where you can discuss what your use cases are, talk to some of the engineers from the projects, talk to the tech, talk to the outreach, maybe find out a bit more about how the market's developing, where it might go, what the size of the market, all those sorts of things. I think that's a really important way of looking at the broad ecosystem beyond just the sort of fairly tight set of folks who are doing the actual work on it. People are going to use the framework on which hopefully the CCC projects are building. I'm going to bridge that because we've just got about three minutes left and so I thought, let's close on what do we think is next for this? I'll just start, Mike, because I want to build on the comment you just made, which is I think what's next is really helping get this out into the wild. I think this is also an important part of the vision for the confidential computing consortium is it's not just about defining the technologies and bringing the technical people together, it's also about getting industry involved and helping people see how they can apply technologies in practical ways. It may be a banking organization, I know I'm working with a big medical researcher who's using confidential computing to develop algorithms that are going to diagnose disease for all of us on the hospital setting. These are things that weren't possible before in the world without these sorts of enabling technologies. I think that's what I'm excited about is with the foundation we build organizationally and collaboratively across this technology ecosystem now being able to go to the end users and say, here's what you can do with it. What do you want to see happen? What's your hope for what happens next? Where do you see this going? I see two things. Hopefully I have time to cover both of them. First is growth of attestation. We have the attestation working group that I've kicked off and Mike helped form back in April or so of this year 2021. I think attestation is increasingly proving itself to be the axle, the center of so much work across a wide swath of the sort of evolution of secure distributed computing. And privacy concerns globally are becoming seen and talked about as a fundamental human right. European law, India, a lot of other countries have been passing or debating these laws, California and Washington state as well. So I think this consortium and the products and companies involved here have a pretty unique opportunity to really support increasing, protecting individual privacy or conversely doing a lot of harm to it if we enable companies to abuse that. So there's responsibility here as well. So I'll try to be very quick. I've got two things as well. One is I think we're seeing frameworks. I think we're seeing a discussion on and a convergence on what it means and what companies need and how those solutions will come out, which is great. Let's begin to mature. The other thing is I want to meet some people again and see them in real life because I think this is a really important thing for the industry. I really do. We welcome more people to come along to our meetings. We'd love to see you and hopefully we can meet up in real life at some point. That would be great. And thank you, David. Thank you, Ava, as always for a great time. I really enjoyed myself. Thanks, David. Thanks so much. Everyone, thank you everybody for joining us. It's a pleasure working with both you, Mike and Ava, and making the consortium successful. If you're interested in what you heard here in the session today, I'd encourage you to visit ConfidentialComputing.io. You'll see more information there about the consortium, opportunities to get involved, the members and the work that we're doing. Hopefully you've learned something here both about confidential printing as a technology, but also about just how to build and evolve a thriving organization and thriving consortium. Thank you everybody for joining us and enjoy the rest of the conference. Thanks a lot. Bye.