Tom Alrich is an independent consultant specializing in supply chain cybersecurity and software vulnerability management. Tom has consulted in cybersecurity since 2001, working previously for Honeywell and Deloitte. He writes Tom Alrich’s Blog, which has a worldwide following.
In 2022, Tom founded what is now known as the OWASP SBOM Forum, an informal group of software supply chain security leaders dedicated to identifying solutions to the problems currently inhibiting widespread use of SBOMs. In 2024, Tom formed the OWASP Vulnerability Database Working Group to sort out the numerous but conflicting vulnerability database offerings available to the software security community, as well as discuss improvements and rationalization.
Tom lives in Evanston, Illinois, and has a BA in Economics from the University of Chicago.