Mentioning different security vendors

[itaifrenkel]

There is a tradeoff between giving practical advice mentioning specific vendors and features, and being fair with all security vendors.

There are a few ideas I am struggling with:

1. Add a page per vendor. This is a place where we can add the top 10 tips for each vendor.
2. Add a page per use-case (for example 2FA providers). The problem here is that you would need to sort the vendors, those being on top benefiting more. It could also become a wikipedia-like editing battleground that I would like to avoid. We could have a poll, and I'll sort the list based on the poll, but that would require some vetting, and confidentiality as startups are reluctant to expose their security stack publicly. Confidentiality in turn might bring up trust issues as things are not being done out in the open.
3. Referring to external sites that measure up different vendors. This bring the question, which site ? I would like to be biased towards the selection of vendors that startups can use, and not just enterprise customers use.

[cottsak]

I don't think the "vendor bias" is a problem. If this doc emerges over time as the product of various real-world experience then references should reflect that.

It's hard to aspire to a "vendor neutral" approach because it necessarily requires more work to cover all bases - this is not a #lean approach. I personally would encourage contributors to add references as their experience leads them and the advice herein will be richer as a result.