Qualys CTO's security research leads him to Congress, the FBI and the SANS Institute With connectivity comes vulnerability, a topic that preoccupies Gerhard Eschelbeck, CTO and vice president of engineering at Qualys, which uses Web services to provide on-demand security audits. In 2003, he conducted real-world research on security problems, looking at impact and prevalence, and testified about his results before Congress in September. The FBI and the SANS Institute also consulted Eschelbeck in compiling their list of top 20 vulnerabilities, and more than 1,200 customers (including Hewlett-Packard and Mercedes-Benz) use Qualys’ service.But Eschelbeck, one of two CTOs to be named to our list twice, believes that the security industry has its work cut out for it. ”The key is to define and implement standardized interfaces based on XML that can be adopted and supported by the security community at large,” he says. Software Development