This post is available to free and paid subscribers to my Substack blog. If you're not already a subscriber, you can sign up when you ope...| tomalrichblog.blogspot.com
For reasons I don’t understand, two of my recent posts, along with one that’s a year old, have suddenly become huge favorites and are gettin...| tomalrichblog.blogspot.com
Note from Tom: I am now putting up all my posts in my Substack blog, but only select ones in Blogspot. Enjoy this post, but please also subs...| tomalrichblog.blogspot.com
I’ve written a lot about the purl (Product URL) software identifier in the past year. While I’ve been a big fan of purl since the OWASP SBO...| tomalrichblog.blogspot.com
Note from Tom 7/27: Kevin Perry, retired Chief CIP Auditor of the SPP Regional Entity and co-leader of the NERC Standards Drafting Team that...| tomalrichblog.blogspot.com
In September 2022, a group that I lead, the SBOM Forum – now the OWASP SBOM Forum – published a white paper that described a number of s...| tomalrichblog.blogspot.com
For a year and a half, I’ve been talking about what I call the Global Vulnerability Database (GVD) – which isn’t a single database at all, b...| tomalrichblog.blogspot.com
As any reader of this blog knows, the National Vulnerability Database (NVD) fell on its face last year. Starting on February 12, the NVD d...| tomalrichblog.blogspot.com
My book, which I’ve been working on for three years, is now available on Amazon, both in the US and internationally; it is also available ...| tomalrichblog.blogspot.com
