Tom's Blog and the SBOM Forum need your support today

My name is Tom Alrich. In 2013, I started writing a blog about upcoming changes in the NERC CIP cybersecurity standards for the electric power industry. Since then, I have written over 500 posts about CIP and about 700 on other cybersecurity topics. I estimate that I have around 2,000 regular readers worldwide, with 20-30,000 pageviews per month.

I also lead the OWASP SBOM Forum and the OWASP Vulnerability Database Working Group. These groups are currently focused on two issues, which I also discuss extensively in my blog. The two issues are:

The other area on which I have been, and will continue to be, focused is the NERC CIP cybersecurity standards. The biggest concern in CIP compliance today is the fact that the larger electric utilities and IPPs are currently "forbidden" to utilize cloud services for their OT assets - while at the same time, software developers are continually moving toward cloud-only delivery of their software.

This is obviously not a sustainable situation. Last year, a new NERC Standards Drafting Team started woking on new and/or revised CIP standards to address this problem. I will continue to write about the major issues that affect development of the new standards, as well as how electric utilities can utilize the cloud today.

In my 12 years of writing this blog, I have been told many times that I should either accept advertising or charge a subscription fee. Neither of those options is appealing to me. However, this is becoming an increasingly untenable situation, since I can't continue writing the blog without some financial support.

I would very much appreciate if everyone who reads my posts, or attends meetings of the OWASP SBOM Forum and/or the Vulnerability Database Working Group, could donate a $20-$25 “subscription fee” once a year (of course, I welcome larger amounts as well!). Can you help these efforts continue?

Thank you!