How the heck did that happen?

They just took your business.

Do you know what sucks? Losing a HUGE sales opportunity that was custom made for your company. Literally custom-made: you worked with the executive sponsor and wrote the RFP for her. You spent hours in that window-less room and on the phone with your prospect making sure you had all your differentiators captured so that no competitor could come close to your perfect score. You had full buy-in. You even made one of your champions the godfather to your child – that is how much time you spent with this company. Oh and they liked your product. They LOVED your product. They wanted your product. This bid was just a formality to make the pencil-pushers in procurement happy.

But you lost. You lost the opportunity and as a result you missed your number this quarter. Now your year is at risk.

How could you have lost? And to whom?

And that’s when it gets worse.

You find out on that personal phone call late in the evening the money went to your spineless competitor. Yes, the so basic competitor that is lightyears behind you in technology, in features, in support. Literally there is nothing they have that you don’t do better. Worse, they blatantly copy your product positioning and follow your every move, nipping at your heels (you assume they are just hoping you will acquire them to get them out of your way).

But they won and you lost. Why? How? What?

Because your software product couldn’t pass a security audit and theirs could.

How did you miss the requirement for a security audit? The typical answer is because it’s new to the prospect’s procurement process, but it is happening everywhere. You may have written those RFP categories specifically for your product, but you didn’t read the tea-leaves of the changing market producing a new decision influencer in the security team.

Secure software products are no longer an unspoken, never validated expectation. Security evaluations are rapidly becoming the expectation rather than the exception. Now that you recognize this trend, you realize more of your prospects are asking about the security of your product. You have been able to bluff previously, but not anymore.

How do you learn from this experience? How do you ensure you never feel this pain again? Because if you don’t change something at your company and with your product, you will feel this pain repeatedly in the future.

Building a product security strategy to ensure your software always passes with flying colors requires buy-in from your leadership team, but when you can point directly to lost opportunities, they are quick to get on board.

But even better than playing catch-up is to develop your product with security in mind from the beginning so that you won that customer. Don’t wait to embrace security into your software product. Get started now and avoid the hard lesson. 

About Anne Nielsen

Senior Product Manager for Veracode’s IT Supply Chain product line. Anne works with Veracode’s enterprise customers to reduce the risk from their third-party applications, frameworks and components. She also works with Independent Software Vendors (ISVs) to ensure they meet corporate security policies for their enterprise customers, based on minimum acceptable levels of risk.

Comments (0)

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.