Hacker News
by tensor 2103 days ago
This is not my experience. I've had buyers push on specific software. E.g. I've had one push back and arbitrarily state that we must use "paid" source code analysis vs an open source solution. No reason given. I've had another say that vendor supplied antivirus is not good enough (e.g. Windows Defender or Apple XProtect). Again, no reason given.
1 comments

That's very interesting! What sectors were those buyers in? I've mostly worked with Fortune 5000 and financial institutions.

It doesn't surprise me in the least that you didn't get any feedback. The default option for these companies is to make you accept their specific blend of security requirements... Of course, you then have to support that forever...

I've had good luck setting up a meeting with both the due diligence person and the actual buyer/champion present. It's often easier to explain your stance in person and the buyer is going to stop the due diligence person when he's getting into the weeds.