Supporting Shadowserver Through Optional Voluntary Invoicing

August 11, 2020

There are many ways to support the public benefit mission of The Shadowserver Foundation. One of those is the concept of optional “voluntary invoicing”, which provides organizations with a familiar mechanism to contribute financially. Details about this and other ways to help support Shadowserver are provided below.

Shadowserver recently suffered an unexpected and major reduction in funding. Since then, we have been working hard to make sure that our public benefit mission continues. With terrible timing for us and all of our constituents, we launched our urgent funding appeal in March 2020, just as the world was locking down due to the COVID-19 pandemic. Our initial focus had to be on ensuring that our core US data center infrastructure and operations staff could continue in 2020. Happily, with the help of the community, the immediate disaster has been averted and we are moving data center August 14th-19th. But we still need additional financial assistance to guarantee Shadowserver’s long term sustainability for 2021 onward too.

Our daily Internet-wide scanning exposes misconfigurations and vulnerable systems that criminals seek to exploit. Our malware collection and analysis, and extensive botnet sinkholing activities, shine a light on potentially compromised systems. Shadowserver makes all of that information available at no cost to the organizations and people that have a responsibility for securing networks, including 112 National CERT/CSIRTs covering 140 countries, and 5800 network owners internationally. We have a global mission to make the Internet more secure through the sharing of data.

We have been amazed at the generous support during the past four months. Many people and organizations have rallied to our cause, because they understand that nobody else provides the same broad and deep public benefit services that we do. We are a team of passionate technologists who act altruistically, are apolitical, and share equally at a global scale – for the benefit of all Internet users. This was a path we set for ourselves over 15 years ago in order to fill a vacuum and we have never wavered in our determination. Our success to date has only been achievable thanks to donations, sponsors and project funding that aligns with our mission.

We are a non-profit organization (NPO) and, as such, can receive tax-deductible charitable donations either in the US or the EU through our US 501(c)3 or Dutch Stichting legal entities.

However, some organizations and supporters meet internal blockers when making international charitable donations, especially for recurring payments. So, as an alternative, we wondered if it might be easier for people to pay for our daily network reportsbut only if they wanted to?

Wait. Does This Mean That Shadowserver Is Going Commercial?

No! As long as it is possible for us to keep operating, our reports will always be provided freely to any network owner or National CERT/CSIRT. Nothing has changed, or will change there. Shadowserver is definitely not going commercial.

However, ‘free’ does not mean that something lacks value or does not cost money to create – ultimately our public benefit services have to be funded somehow. Our free daily reports and the extensive data center infrastructure required to generate them cost a significant amount of money to operate. Our ability to produce our reports and keep Shadowserver running is dependent on being able to continue to pay for hardware, staff and services.

For many years our largest sponsor Cisco had mostly (and to their credit, quietly) carried many of these costs for the benefit of all. Their generosity meant that thousands of organizations could be notified every day about misconfigured, exploitable and compromised systems, or other security incidents, and be protected, at no cost to the end users. But we now have to find other non-commercial ways to continue delivering our public benefit services.

The services we currently provide will continue to be provided at no cost to the end users. That is not changing. But, as a complementary alternative to project sponsorship and non-profit donations, organizations now have the option to pay Shadowserver through voluntary invoicing on request, to help pay for maintaining those services.

Whilst our services and daily reports have been provided at no cost, they are greatly valued by the recipients who have been benefiting from them for many years – whether they are the National CERTs/CSIRTs, businesses of all sizes, academic networks or public services around the globe. Many of these constituent organizations depend on our reports in order to carry out their own missions.

So How Do Voluntary Invoices Work?

Since our urgent call for funding, many organizations have asked us to submit voluntary invoices to them – either to explicitly cover providing our daily network report data feeds, or more generally, towards the operational cost of providing Shadowserver’s public benefit services – at an amount that they have determined they can afford to pay. Voluntary invoices can be issued by Shadowserver just like regular business procurement, including providing offer letters, completing supplier on-boarding processes, invoicing against purchase orders, issuing receipts of transactions, etc.

The amount any organization might choose to request a voluntary invoice for will obviously depend on their own financial situation, their internal procurement processes and how highly they value our public benefit services. So far, requests for voluntary invoicing have ranged from a few thousands to tens of thousands of dollars a year and upwards. Every voluntary invoice paid has contributed to our efforts to continue Shadowserver’s public benefit mission and help better secure the Internet.

Why Consider Voluntary Invoicing?

Knowing what a criminal can see from the outside of your network is something that you could work out yourself, but it would cost you time, money and valuable work cycles. Detecting compromised computers inside your organization that have become infected with malware and are exfiltrating sensitive data to criminal systems can often take many hours of incident response time. Shadowserver’s mix of 80 different network report types can significantly reduce that effort and improve your incident response vulnerability remediation capabilities.

Due to the COVID-19 lockdown, many organizations are finding themselves with unexpected unspent travel budgets. Others have the ability to easily make IT/business purchases up to pre-set limits, without the perceived time-consuming complexity of having to work out how to make a tax-deductible donation to an international NPO. Other constituents simply want to do what they can to support our services continuing to be available (to them and to everyone else too), but need to have an invoice to tie it to for their own business processes. Voluntary invoicing may help in these circumstances.

Any organization connected to the Internet faces the risk of computer intrusions, systems compromises, data breaches and the associated damage arising from data and intellectual property loss, ransomware, PII/HR/financial/health data leaks and the associated regulatory, liability, reputational and customer confidence impacts. We hope that receiving Shadowserver’s free daily network reports can potentially identify exposures and vulnerabilities, allowing you to quickly remediate them before they are detected and exploited by criminals. This may better protect your valuable data, or even save your business from major losses or bankruptcy.

If your organization would like to be credited for your support for our mission and services, at your request, we can provide public recognition of your voluntary invoicing (or other) contribution on our website/blog and on social media.

How Can I Help Support Shadowserver?

Talking to many of our constituents, it seems that we did not previously do a good job of making the community aware that voluntary invoicing was something Shadowserver could actually offer. Since a number of organizations have approached us since March and successfully supported us this way, we would like to formally announce to all that we are happy to issue voluntary invoices upon request.

That means you can support Shadowserver’s urgent financial need through the following funding routes:

Charitable Donation:

If you can donate to Shadowserver, this is probably your best option – particularly for large donations, since it is most tax efficient for you. Please contact us here and we can discuss the best route for you.

Voluntary Invoice:

If you would prefer that we issued you with a standard invoice, so you can show that you account for what we provide, we can issue an invoice accordingly – you decide how much you wish to pay for our services and over what time period. To request a voluntary invoice, please reach out here.


Best for smaller or personal donations as it is quick and easy. Please follow the link here.

Funded Projects:

Sponsorship of projects and services, including Honeypots-as-a-Service, will be covered in an upcoming blog post. We will also be discussing our new Shadowserver Alliance and evolving funding strategy for 2021 and beyond. In the mean time, if you have a project that you think we can support and it fits with our wider mission to make the Internet safer (for example, it might lead to new data being made available to network owners for free) we are interested in hearing from you now. We can be contacted here to start the conversation.

Infrastructure Donations:

Not every donation needs to be financial. We deploy a wide range of different infrastructures outside of our core data center, in many international locations, using a mix of donated and rented dedicated servers, Virtual Private Servers (VPSes), Virtual Machines (VMs) and IP netblocks. These systems are used for data collection systems, such as honeypots and other sensors, sinkholes and scanning platforms. We can almost always make use of extra infrastructure, even small low spec VPSes/VMs as passive scan detection sensors. If your organization is able to provide these kind of resources, either for free or at reduced non-profit rates, please reach out.

Sign Up For Our Reports

We understand that some people may not be able to contribute financially at this difficult time. To draw again on the well-worn COVID-19 analogy – nobody wants to be a victim or a “super-spreader”. This is as true online as it is in the physical world. Our primary goal is to help you to keep your networks safe and secure, and signing up for our free daily network reports is a simple practical step that you can take to help protect all of your users. Whether or not you’re able to pay to help support our public benefit services, every vulnerability spotted and every attack prevented makes the Internet a little bit safer for everyone. As good citizens of the Internet, that is a goal we hope we can all believe in and strive for together.

If you can help fund Shadowserver, or know someone who can, please reach out on social media and help get the message out, or get in touch by email, urgently.

Looking to the Future

While voluntary invoicing and the generous donations and sponsorships we have received so far are helping to reach our urgent 2020 funding goals, we cannot forget that the long term funding and sustainability of Shadowserver is something that will now need to be a focus every year. We are developing different governance and funding models to help move Shadowserver from being heavily reliant on a single major donor to become more of a truly community driven organization. Through the upcoming Shadowserver Alliance we will be able to build a long term sustainability model that will allow for more diverse sources of funding and management. While the details of the Shadowserver Alliance are still in development, we already have several key organizations looking into multi-year support via this model. We will be providing more details in the coming weeks.


The Shadowserver Foundation Team

Recent Articles