You have a great idea for a new product – what could possibly go wrong?

One of my favorite games in business[1] is to have a pre-mortem wherein you imagine that you are a year older and wiser and whatever it is you are working on right now fails miserably. I mean, spectacularly – we are talking This game plays into my hyperbolic nature, but also is useful in identifying your biggest risks: Where and why did this go wrong? What do we need to guard against? What is the biggest threat?

Bringing new products to market is rife with threats, especially when it comes to getting customers to buy. As an early-to-market company, you generally focus on the awesome new technology you have created in order to excite the innovation-focused buyers who pave the way for the visionaries that help you refine your product into something that can improve their competitive position. Ironing out this value leads you to mid-market adoption – where all the money is.

As you move across the technology adoption lifecycle, you must make the pivot from tech-focus to company, brand, and reputation-focus.

The mid-market is made up of pragmatic buyers which don’t have the time or energy to evaluate every little start-up and new technology. They want to buy only from industry leaders that will stand the test of time, continue to improve and support the product – and have the partnering organizations for ancillary add-ons and enhanced support. These industry leaders must have the reputation as the “go-to” for solving this problem[2].

Reputation as this leader is a must-have for a startup seeking unicorn status.

There are many threats to a start-up looking to reach the mid-market, but one oft-overlooked threat is to the company’s reputation as trustworthy.

Trustworthiness is not a feature of the product, it is not the smile of the executives or a great color palette in the sales presentations, but it is the consistent focus on ensuring that those customers that have selected the software company as their partner are protected. That the customer is not erroneously identified in marketing presentations without consent, that the customer’s compelling reason for purchasing the product is not broadly shared. And that the customer’s data is stored and maintained securely: both by the company and by the technology product itself.

It is this last part that many software companies are finding more challenging than they initially expected. Developing a culture that sanctifies the trust a customer places in the company takes time but also requires engineering effort to carry the mantra through development and continued innovation on the product. This trust and ensuring it is in not compromised must be part of the development process: one that balances the feature requests from the customers with their best interests for a secure software product.

Buyers don’t trust words, but actions.

Trust once lost can’t be recovered: "It takes 20 years to build a reputation and five minutes to ruin it." --Warren Buffett[3]. How many companies have rebranded rather than tried to resurrect a soiled name?

If you don’t take your reputation as a trustworthy technology company seriously and embed that belief across the organization – from marketing, sales, through to customer service all the way into product development – trust and security will be nothing more than buzz words like “thought leadership” and “efficiency”.

At Veracode, we achieve this embedding through a “top down, bottom up, top down” approach. This means our leadership team stresses how important this is, but we worker-bees also prioritize security and the trust our customers have placed in us. It’s Job 1 to us, so we socialize the mantra amongst ourselves – ensuring that it is preserved and addressed in product grooming sessions, in QA and in release on the product side. This type of entrenching requires constant work, but has proven valuable and repeatable -if you want to learn how we do it, check out our dogfooding approach to secure software development, “Project Purina”. Further, our leadership continuous reiterates and emphasizes our commitment, which re-flavors our Koolaide. However, this is how culture gets made and it ensures that the trust our customers place in our product and in our company is not forgotten or de-prioritized.

After you finish your sales pitch, your prospects may be impressed, but your company’s good name is what has the lasting impact and impression. Protect and enhance your reputation by developing a culture of security and ensure that security is embedded into your product by developing your software securely. Need help getting started on the latter? Check out the ultimate guide to getting started with application security.


[1] If you don’t make up games to keep your job fun, there is something wrong with you or your company.

[2] If any of this sounds familiar, it’s because this is straight out of Moore’s, “Crossing the Chasm” which is an awesome read for anyone working in a tech start-up or business.

[3] This quote is from an Inc. article “30 Quotes on Trust That Will Make You Think” You have a great idea for a new product – what could possibly go wrong?


About Anne Nielsen

Senior Product Manager for Veracode’s IT Supply Chain product line. Anne works with Veracode’s enterprise customers to reduce the risk from their third-party applications, frameworks and components. She also works with Independent Software Vendors (ISVs) to ensure they meet corporate security policies for their enterprise customers, based on minimum acceptable levels of risk.

Comments (0)

Please Post Your Comments & Reviews

Your email address will not be published. Required fields are marked *

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.