
5 amusing security vendor moments

This list is based on real security vendor interactions that a friend and I have experienced.

1. Customer: Have you had a security evaluation of your product?
Vendor: Yes, Kevin Mitnick has performed a pen test against our product. (Sorry, Kevin! 🙂)

2. The vendor comes to your office and pitches you a presentation on X, then hands you a business card without the company name on it.

3. The vendor pitches their security scanning product to you, explaining how it finds all web-based vulnerabilities. Shortly afterwards, a vulnerability on their own website is disclosed in a public forum, and it is the exact same vulnerability type the product should have found.

4. Customer: What can your product do that your competitors can't?
Vendor: Well, we use intelligent logic in our product, unlike the competition that uses dumb checks.

5. The security scanning vendor incorrectly writes a popular vulnerability signature and you have to explain to them how to fix it.