A little over 10 or so years ago, when I was responsible for information security and privacy at a large financial organization, I was doing research into PKI products and solutions. The sales exec for one of the products I was considering insisted on coming onsite with his “lead scientists and engineers” to tell me and some other folks in the IT and information security area about how wonderful their PKI product was. I did some research and prepared a couple of pages of questions to ask them about the specifics of their product. The sales exec, who has since gone on to other work and is also now a friend of mine, later told me that he felt like shrinking and hiding under the table as I asked questions about the specifics, functionality and support of their product that the developers themselves could not answer, and, even worse, many that they had not even thought about.