$1,109 raised
·17 donations

Tom's Blog and the SBOM Forum need your support today

My name is Tom Alrich. In 2013, I started writing a blog about upcoming changes in the NERC CIP cybersecurity standards for the electric power industry. Since then, I have written over 500 posts about CIP and about 700 on other cybersecurity topics. I estimate that I have around 2,000 regular readers worldwide, with 20-30,000 pageviews per month.

I also lead the OWASP SBOM Forum and the OWASP Vulnerability Database Working Group. These groups are currently focused on two issues, which I also discuss extensively in my blog. The two issues are:
  • How to address the lack of machine-readable software identifiers in most new CVE vulnerability records, especially in the National Vulnerability Database (NVD).
  • How to design, fund and implement a free Global Vulnerability Database (GVD). This will provide a single "intelligent front end" to major vulnerability databases worldwide, without requiring creation of a hugely expensive single database.

The other area on which I have been, and will continue to be, focused is the NERC CIP cybersecurity standards. The biggest concern in CIP compliance today is the fact that the larger electric utilities and IPPs are currently "forbidden" to utilize cloud services for their OT assets - while at the same time, software developers are continually moving toward cloud-only delivery of their software.

This is obviously not a sustainable situation. Last year, a new NERC Standards Drafting Team started working on new and/or revised CIP standards to address this problem. I will continue to write about the major issues that affect development of the new standards, as well as how electric utilities can utilize the cloud today.


In my 12 years of writing this blog, I have been told many times that I should either accept advertising or charge a subscription fee. Neither of those options is appealing to me. However, this is becoming an increasingly untenable situation, since I can't continue writing the blog without some financial support.

I would very much appreciate it if everyone who reads my posts, or attends meetings of the OWASP SBOM Forum and/or the Vulnerability Database Working Group, could donate a $20-$25 “subscription fee” once a year (of course, I welcome larger amounts as well!). Can you help these efforts continue?

Thank you!

    Organizer: Tom Alrich, Evanston, IL
