[adityar]

I find "X does Y, why don't you?" As a means to keep vendors from becoming complacent. As customers, we don't know what the tools limits are. Sometimes, vendors will not invest in improving their tools/results without a credible threat. The results from competing vendors is the closest you can get to impartial results that create pressure to perform.

[criticaltinker]

I think that is a reasonable counter argument to the solid advice GP shared. In my experience, vendors are usually well aware of their competition. It’s a thin and subtle line between motivating them and recklessly sharing details regarding trade secrets, IP, competitive advantages etc.

Only mentioning this because I wish someone had clued me in earlier in my career. I only learned after my friend in opsec called me out for my loose lips.

[vvanders]

A good chunk of my time was in SoC eval so if the vendor was being complacent they didn't get the bid. You should always be running multiple solutions so you don't get locked in with a certain vendor(and also a really good reason to keep any tech stack you have highly portable).

Even then though there's ways to approach it that don't disclose. You can set KPIs that you expect to hit and talk through how they plan too approach it from their side. If something is known in the public you can reference it although I generally prefer not to.

Depending on what part of the industry you're in some vendors prefer not to patent and keep approaches internal so discussion of certain aspects can be pretty sensitive.