Who is Richard Ewing?

Richard Ewing is a Product Economist and AI Capital Auditor. He is the Founder of Exogram, a verification infrastructure for AI. He audits R&D spend and surfaces hidden capital risks like technical debt, AI cost overruns, and zombie infrastructure. He has scaled B2B SaaS from $0 to $25M ARR. Published in CIO.com, Built In, Mind the Product, and HackerNoon.

What is a Product Economist?

A Product Economist treats product decisions as economic decisions. Instead of measuring velocity or story points, a Product Economist measures Return on Invested Capital (ROIC), Cost of Goods Sold efficiency, and technical debt in dollar terms. The methodology was coined by Richard Ewing.

What is the Technical Insolvency Date?

The Technical Insolvency Date (TID) is the specific quarter where maintenance costs consume 100% of available engineering capacity, reducing feature velocity to zero. Calculate yours free at richardewing.io/tools/pdi.

Exogram is verification infrastructure for AI, founded by Richard Ewing. It prevents hallucination propagation with admissibility control planes and state-hashing commit enforcement. LLMs generate language; Exogram maintains reality.

How do I calculate technical debt cost?

Use the free Product Debt Index (PDI) calculator at richardewing.io/tools/pdi to quantify hidden technical debt in dollar terms, calculate your Technical Insolvency Date, and benchmark against industry standards.

How much does AI cost per query?

AI costs range from $0.0001/query for small models to $0.10+/query for frontier models like GPT-4. Use the free AI Unit Economics Benchmark (AUEB) at richardewing.io/tools/aueb to calculate your specific AI cost structure.

Glossary/Penetration Testing

Security & Compliance

1 min read

What is Penetration Testing?

TL;DR

Penetration testing (pen testing) is the practice of simulating cyberattacks against your systems to identify exploitable vulnerabilities before real attackers do.

Penetration testing (pen testing) is the practice of simulating cyberattacks against your systems to identify exploitable vulnerabilities before real attackers do. Unlike vulnerability scanning (automated tool-based), pen testing involves skilled security professionals actively attempting to breach your defenses.

Pen test types: black box (tester has no prior knowledge), gray box (tester has partial knowledge like API docs), and white box (tester has full knowledge including source code). White box testing is most thorough but takes longer.

Common findings: injection vulnerabilities (SQL, command, LDAP), authentication bypass, API security gaps (rate limiting, authorization), data exposure through verbose error messages, and privilege escalation.

Pen testing frequency: annually at minimum, plus after major releases or infrastructure changes. Cost ranges from $5,000-50,000+ depending on scope and depth.

Why It Matters

Pen testing reveals real-world exploitable vulnerabilities that automated tools miss. Many compliance frameworks (SOC 2, PCI DSS, HIPAA) require periodic penetration testing.

Frequently Asked Questions

What is penetration testing?

Simulating cyberattacks against your systems using skilled security professionals to find exploitable vulnerabilities before real attackers do.

How often should you do penetration testing?

Annually at minimum, plus after major releases, infrastructure changes, or acquisitions. Some compliance frameworks require more frequent testing.

Need Expert Help?

Richard Ewing is a Product Economist and AI Capital Auditor. He helps companies translate technical complexity into financial clarity.

Book Advisory Call →

Explore More

Why It Matters

Frequently Asked Questions

What is penetration testing?

How often should you do penetration testing?

Related Terms

Need Expert Help?

Explore More

Free Tools

Glossary

Frameworks