Why?

I strongly believe that improving the foundations that software supply chain security rests on is important, and that a more pedantic and principled approach to this problem is necessary as AI changes both how we produce software and how easy it is to attack software.

This is why I founded Groundry: to pursue this research full-time, while increasing the impact of my work by working directly with a select number of clients and other partners.

Terms

Specifically, I offer consulting to a small set of clients (five or fewer, depending on other sources of funding) for a monthly retainer fee of € 2400 for ~17 hours per month (4 hours per week).

Clients pay this fee no matter if they have work for me that week or not. Any time that is not directly consumed by clients is invested in my research, the results of which are made available to both my clients and the public. Ideally, I want clients to be happy no matter how much help they needed in a given week.

I use the Nix ecosystem as an open reference that I upstream my work to, and I expect to make different arrangements for non-profit partners and directly contributing to open source.

Clients

I envision my clients as

  • large organizations with strategic interest in software supply chain security or exceptional supply chain security needs,
  • organizations interested in extending their own cloud build system to meet their own supply chain security needs, or
  • organizations already invested in the Nix ecosystem that want to better meet their own, or their customer’s, supply chain security needs.

At the same time, I don’t expect to spend consulting time only on bleeding-edge supply chain security issues, but am happy to meet clients where they are, and make realistic improvements from there.

The output from my research represents a pooling of resources among my clients and partners.

How I might help

I want to help clients strategically through tasks like

  • researching new and existing solutions to your problems,
  • verifying the supply chain security properties of proposed solutions,
  • offering guidance on various topics like hiring for relevant roles, and
  • efficient and effective knowledge transfer, or simply
  • giving a different perspective.

As part of this venture, I do not want to do significant amounts of implementation work behind closed doors, mostly for impact and efficiency reasons, but I will happily sit down and figure out the technical details your security relies on.

What’s in it for me?

Groundry allows me to pursue the kind of work I want to do, on my own terms. As I’m building this venture, I’m curious to learn what it would take for your organization to work with me, and I’m open to discussing other opportunities and modes of compensation.

What’s next?

If you are curious about the ideas I’m pursuing, take a look at my paper at SCORED ’24, which is the basis of my ongoing work. I’ve also published Vibenix, an AI assistant for software packaging with Nix, which could help migrate lots of software to Nix efficiently. I have other ideas I would like to discuss on here or with you in person.

I may adapt the contents of this page as I go.