This list was created based on real security vendor interactions that a friend and I have experienced.
1. Customer: Have you had a security evaluation of your product?
Vendor: Yes, Kevin Mitnick has performed a pen test against our product. (sorry kevin! :)
2. The vendor comes to your office and pitches you a presentation on X then hands you a business card without the company name on it.
3. The vendor pitches their security scanning product to you, explaining how it finds all web-based vulnerabilities. Shortly afterwards, a vulnerability on their own website is disclosed in a public forum, of the exact same vulnerability type the product should have found.
4. Customer: What can your product do that your competitors can't?
Vendor: Well, we use intelligent logic in our product, unlike the competition, which uses dumb checks.
5. The security scanning vendor incorrectly writes a popular vulnerability signature and you have to explain to them how to fix it.