Comments on: A Tale of Two Vendors or Security Sells http://www.securitycatalyst.com/a-tale-of-two-vendors-or-security-sells/ Michael Santarcangelo delivers Awareness that Works™ Wed, 01 Sep 2010 14:21:57 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: Bill Pennington http://www.securitycatalyst.com/a-tale-of-two-vendors-or-security-sells/comment-page-1/#comment-889 Bill Pennington Mon, 30 Mar 2009 19:52:29 +0000 http://www.securitycatalyst.com/?p=1126#comment-889 @Vincent: Yes they seemed rather naive about the whole process and defensive to the point of aggression. Them: "This can't happen cause of 1,2,3!" Us: "Click here and tell me if that is data from your DB." Them: "But you have to be logged in..." Painful @Michael - Good point and one that I had not thought about before but yes #1 was much larger than #2. @Vincent: Yes they seemed rather naive about the whole process and defensive to the point of aggression. Them: “This can’t happen cause of 1,2,3!” Us: “Click here and tell me if that is data from your DB.” Them: “But you have to be logged in…” Painful

@Michael – Good point and one that I had not thought about before but yes #1 was much larger than #2.

]]> By: Michael Dickey http://www.securitycatalyst.com/a-tale-of-two-vendors-or-security-sells/comment-page-1/#comment-888 Michael Dickey Mon, 30 Mar 2009 19:04:17 +0000 http://www.securitycatalyst.com/?p=1126#comment-888 I just wanted to post back my kudos for valuing security and sticking with a vendor who responded who I think we wish all vendors did. Too often, I think many decisions like this would still go with vendor #1 because they had better features...which keeps us all in the hole trying to dig out. So, good job! As a second thought, I wonder if the size of the two vendors had any bearing on the response? For instance, if Vender #1 is large and slow-moving and Vendor #2 smaller and more agile. I just wanted to post back my kudos for valuing security and sticking with a vendor who responded who I think we wish all vendors did. Too often, I think many decisions like this would still go with vendor #1 because they had better features…which keeps us all in the hole trying to dig out.

So, good job!

As a second thought, I wonder if the size of the two vendors had any bearing on the response? For instance, if Vender #1 is large and slow-moving and Vendor #2 smaller and more agile.

]]> By: Vincent Ray http://www.securitycatalyst.com/a-tale-of-two-vendors-or-security-sells/comment-page-1/#comment-885 Vincent Ray Mon, 30 Mar 2009 18:00:16 +0000 http://www.securitycatalyst.com/?p=1126#comment-885 Bill, Excellent write-up. It's refreshing to see both vendor and customer working together to improve a product. Especially in the area of security! More often than not, collaboration between vendors and customers is limited to feature requests. It's a rare find to have someone submit feedback on security. I can't help but feel that Vendor #1 had an inexperienced sales/development team. Security is not to be taken lightly. If you are getting feedback about SQL injection with hard results sitting in front of you, any good developer would take that to heart and do something about it. I'd just like to commend you for being so upfront and positive about help Vendor #2 move forward. Vincent MHelpdesk - <a href="http://www.mhelpdesk.com/service-management-software.aspx" rel="nofollow">Service Management Software</a> Bill,

Excellent write-up. It’s refreshing to see both vendor and customer working together to improve a product. Especially in the area of security! More often than not, collaboration between vendors and customers is limited to feature requests. It’s a rare find to have someone submit feedback on security.

I can’t help but feel that Vendor #1 had an inexperienced sales/development team. Security is not to be taken lightly. If you are getting feedback about SQL injection with hard results sitting in front of you, any good developer would take that to heart and do something about it.

I’d just like to commend you for being so upfront and positive about help Vendor #2 move forward.

Vincent
MHelpdesk – Service Management Software

]]> By: Interesting Information Security Bits for 03/30/2009 | Infosec Ramblings http://www.securitycatalyst.com/a-tale-of-two-vendors-or-security-sells/comment-page-1/#comment-884 Interesting Information Security Bits for 03/30/2009 | Infosec Ramblings Mon, 30 Mar 2009 13:33:16 +0000 http://www.securitycatalyst.com/?p=1126#comment-884 [...] to an important point. We don’t have to be perfect, but we have to be willing to try to be. A Tale of Two Vendors or Security Sells : The Security Catalyst Tags: ( general [...] [...] to an important point. We don’t have to be perfect, but we have to be willing to try to be. A Tale of Two Vendors or Security Sells : The Security Catalyst Tags: ( general [...]

]]>