Why Vulnerability Detection is Important in the IT Space

This interview is with Erik Costlow, Senior Director of Product Management of Azul. We will discuss cybersecurity and vulnerability detection.

Hi There! Can You Tell Us Your Name and What You Do?

My name is Erik Costlow, and my official title is Senior Director of Product Management, which means I focus on the “why” of each problem we solve.

Of all the things we can do, why should we choose this? Why does it matter to people?

Now that we know why it matters, in what way will we solve it? Product Management is a triad of skills between engineering, sales, and marketing to understand how everything fits together.

How Did You Get Into the Cybersecurity Space?

I used to build software and thought it was cool to understand what types of corners I would cut.

By looking at systems, I could “figure them out” and make them do things they weren’t supposed to do, and that was pretty fun.

How Have Best Practices in Cyber Security Changed Over the Years?

A lot of the older “ivory tower” practices have been knocked down because the silo of expertise actually made things worse.

By focusing on perfection instead of moving quickly with sometimes messy development, the older practices were basically non-implementable.

I met a CISO once who had a special research matrix computer that cost millions of dollars because every algorithm was mathematically provable and verified – they used it as a doorstop because it was so hard no one could build on it.

What Exactly Is Vulnerability Detection?

Vulnerability Detection takes the last decade of application security and starts moving it into the JVM, where it’s automated and easy.

It really answers three questions: what components do I have (and where are they), are they vulnerable, and do I actually use that vulnerable code?

You’ll see a lot about SBOMs in the industry, so it’s focused on that overall inventory angle.

Why Is Vulnerability Detection Important for Users in the WEB3 Ecosystem?

The basic answer is that security is critically important for every technology and business ecosystem, and the consequences of unpatched vulnerabilities can be catastrophic - particularly for emerging environments.

Being able to rapidly identify and remediate vulnerabilities is one of many important requirements for their next-generation applications.

Thank you for agreeing to this interview Eric.