I’m so sorry to hear that :-(
I’ve been in the grind of trying to get a startup off the ground and not succeeding.
I personally am not in a position to make purchasing decisions, and that makes me think that might be one of the challenges you might be facing.
In quite a few of the companies that I’ve been at, there’s some sort of code scanning in the CI/CD, but it’s often not placed there by developers by choice but by policy.
Fear is a powerful emotion that sells, and many other companies that might do something similar to what you are doing are using it, but giving users poorer quality than what you might.
How about considering targeting VPs and the C-suite in your marketing/sales? Is your organization vulnerable? Have you considered the cost of a leak because of a vulnerable dependency? Paying us $$ protects you from having to face $$$$ plus public shame.
Use case studies like that nefarious npm package that was part of a bunch of legitimate packages but nobody knew about (you likely know a lot more about vulnerable packages than me!).
How about hiring sales? Having an enterprise pricing structure? Browsing through OWASP I found codescan, which I think is used by my organization… they have no pricing info on the pricing page (you can guess that it’s expensive). The code I work on passes their scan, but I still get quite a few HIGH and MEDIUM warnings when I run npm install.
Tell people how the stuff they are paying $$$ for is still leaving them vulnerable!
I know I haven’t fixed those dependency vulnerabilities because it is nowhere to be found in the backlog and thus I’m not paid for it.
Feel free to throw away everything I said, but I wish y’all the best of luck in business, and if you know you are doing something better than others, see what the others are doing and take their clients away to the better thing you have!!