Who is Richard Ewing?

Richard Ewing is a Product Economist and AI Capital Auditor. He is the Founder of Exogram, a verification infrastructure for AI. He audits R&D spend and surfaces hidden capital risks like technical debt, AI cost overruns, and zombie infrastructure. He has scaled B2B SaaS from $0 to $25M ARR. Published in CIO.com, Built In, Mind the Product, and HackerNoon.

What is a Product Economist?

A Product Economist treats product decisions as economic decisions. Instead of measuring velocity or story points, a Product Economist measures Return on Invested Capital (ROIC), Cost of Goods Sold efficiency, and technical debt in dollar terms. The methodology was coined by Richard Ewing.

What is the Technical Insolvency Date?

The Technical Insolvency Date (TID) is the specific quarter where maintenance costs consume 100% of available engineering capacity, reducing feature velocity to zero. Calculate yours free at richardewing.io/tools/pdi.

Exogram is verification infrastructure for AI, founded by Richard Ewing. It prevents hallucination propagation with admissibility control planes and state-hashing commit enforcement. LLMs generate language; Exogram maintains reality.

How do I calculate technical debt cost?

Use the free Product Debt Index (PDI) calculator at richardewing.io/tools/pdi to quantify hidden technical debt in dollar terms, calculate your Technical Insolvency Date, and benchmark against industry standards.

How much does AI cost per query?

AI costs range from $0.0001/query for small models to $0.10+/query for frontier models like GPT-4. Use the free AI Unit Economics Benchmark (AUEB) at richardewing.io/tools/aueb to calculate your specific AI cost structure.

Glossary/SBOM (Software Bill of Materials)

Due Diligence & M&A

1 min read

What is SBOM (Software Bill of Materials)?

TL;DR

A Software Bill of Materials (SBOM) is a comprehensive inventory of all software components, libraries, dependencies, and their versions used in a software product.

A Software Bill of Materials (SBOM) is a comprehensive inventory of all software components, libraries, dependencies, and their versions used in a software product. Think of it as the "ingredient label" for software — required for security compliance, license compliance, and supply chain risk management.

SBOM formats: SPDX (Linux Foundation standard), CycloneDX (OWASP standard). Executive Order 14028 (2021) requires SBOMs for software sold to the US government. Many enterprise buyers now require SBOMs as procurement prerequisites.

SBOM use cases: Vulnerability management (quickly identify if a CVE affects your dependencies — like Log4Shell), License compliance (ensure no GPL/AGPL contamination in proprietary software), Supply chain security (identify single-maintainer dependencies), and M&A due diligence (comprehensive view of technology dependencies).

Why It Matters

SBOMs are becoming a compliance requirement, not a nice-to-have. Log4Shell demonstrated why: organizations without SBOMs spent days/weeks determining if they were affected. Those with SBOMs knew in minutes.

Frequently Asked Questions

What is an SBOM?

A comprehensive inventory of all software components, libraries, and versions in a product. The "ingredient label" for software. Required by US government (EO 14028) and increasingly by enterprise buyers.

How do you generate an SBOM?

Tools: Syft (open-source, generates from containers/repos), FOSSA (commercial, license-focused), Snyk (security-focused). Integrate into CI/CD for automatic generation. Use SPDX or CycloneDX format.

Need Expert Help?

Richard Ewing is a Product Economist and AI Capital Auditor. He helps companies translate technical complexity into financial clarity.

Book Advisory Call →

Explore More

Why It Matters

Frequently Asked Questions

What is an SBOM?

How do you generate an SBOM?

Related Terms

Need Expert Help?

Explore More

Free Tools

Glossary

Frameworks