Our great sponsors
-
sso-wall-of-shame
A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
openbao
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys.
-
I'm not the person you've asked, but I'm somebody who has been purchasing SaaS/software for businesses large and small for years. My take:
1. If SSO and other basic modern security features are locked into "Enterprise" pricing tiers then the service is at the bottom of the list (see: https://sso.tax). I'd love to say instant disqualification but too many SaaS companies have it in their head that only wealthy enterprises use SSO, despite SSO platforms being widely available and some quite cheap to acquire and start using.
2. If I need to request a quote to start any kind of service to see what the product is about then I'm not likely to pursue it. Don't make me jump through hoops when I'm just trying to see if a product can fit my needs.
3. If license terms are too complex or easy to violate that's a hard pass. Infrastructure monitoring tools are a great example. The licensing is often per "device" or per monitored metric, and some vendors are very loose with their definition of "device". (Don't use LogicMonitor with k8s unless you like throwing money in the garbage can). Hard lessons learned.
4. If the only details I can find regarding how you secure your product are claims of SOC2 and ISO27001 certification then that's a very likely pass. Those controls are great to have, necessary even, but anyone who has had to work to meet those compliance objectives knows that they're much more about organization controls than they are product security. Give me an idea about how you protect data and whatnot on a security page somewhere, not an attestation that dev and prod are separate and you have logs.
On the side of the positives, outside of not hitting the negative marks, I value ease to work with, responsive and competent support, strong pre and post-sales solutions architecture and support/training (if the product is complex enough to warrant that), and supports SSO. I bring up SSO again because it's a hard requirement for SaaS purchases everywhere I go -- no SSO, no go. Social login is not a substitute and is highly undesired.
Hope this helps.
Also, no BuSL stupidity, they're all Apache 2 AFAIK: https://github.com/JetBrains/intellij-community/blob/idea/23...
And the "all you can eat" toolbox license is just a staggeringly good deal, IMHO, which also comes with a "you can keep your license forever, just no updates" which is way different from setting subscription-based licensing money on fire when your license expires. Whoever came up with that should be applauded because it really drives down my "what about" anxiety of paying subscription money for IDEs
on the off chance one hasn't been tracking it, there were several "we don't need your stinking BuSL" projects when this drama first started:
https://github.com/opentofu#why-opentofu (Terraform)
https://github.com/openbao/openbao#readme (Vault)
and I know of several attempts at Vagrant <https://github.com/hashicorp/vagrant/forks> but I don't believe one of them has caught traction yet
There are also some who have talked about an "open Nomad" but since I don't play in that space I can't speak to it
on the off chance one hasn't been tracking it, there were several "we don't need your stinking BuSL" projects when this drama first started:
https://github.com/opentofu#why-opentofu (Terraform)
https://github.com/openbao/openbao#readme (Vault)
and I know of several attempts at Vagrant <https://github.com/hashicorp/vagrant/forks> but I don't believe one of them has caught traction yet
There are also some who have talked about an "open Nomad" but since I don't play in that space I can't speak to it