Just some thoughts on “vendor” marketing.
In just about every DFIR email list, social media thread, or forum, there is the sporadic appearance of a vendor who mentions their software in response to a problem someone has, and within seconds of the vendor response, the vendor gets bashed for simply saying, "Hey, maybe my software can help."
I totally get it. I don’t know anyone who wants sales people knocking on their front door, trying to sell something that they didn’t ask for in the first place. Doesn’t matter if it is encyclopedia sales or vacuum cleaner sales, unsolicited sales can be annoying.
Anyone who has been to even one major tech conference quickly learns that if you let a vendor scan your badge in return of getting a free pen or toy, you will probably have emails sent to you for years by that vendor. The cost of that “free” stuff is agreeing to be contacted by the vendor. So, you kinda ask for it when you do this.
Yes, I get a few mailers. Actual printed materials. Some are done very well and quite informative in addition to selling something. I'll take free useful information anytime.
Back to the online vendor marketing….
First off, I like free stuff. I love FOSS . But I also buy things that I need and I don’t expect these things to be free. Yes, “ Name-Your-Forensic-Tool ” might be expensive, but it is expensive for a reason. It takes time and resources to develop and also incurs marketing expenses to get the word out to those who may need the tool. Basic business. If your business is selling your software, and if you don't sell it, it never gets developed further and your business closes its doors. Everyone loses .
Here is where I see a divergence in how some vendors are treated by some of us (I say “us” because we are all in this together). Some of the comments I've seen and not agreed with include;
-If the tool is so good, it shouldn’t have to be marketed. Sales should be organic.
-I don’t want to be sold anything.
-Vendors should not be able to comment on their tools in forums/email lists/etc…
-I am so tired of seeing marketing on social media (Linkedin, Facebook, etc…)
Here's the thing: if I never see a marketing attempt by a vendor, I may never see the tool…ever. I plainly will never know that it exists, even if I could use it to solve a problem..
For the email lists and forums, I have no problem in that a response to a problem could be answered with someone who sells a solution to that problem. Actually, a vendor with the solution should answer! That is the point of someone asking...they are asking for a solution. And if a competitor responds to another competitor, all the better. Now you can see competing products for your solution. You may even discover a solution that you never knew existed before.
If you take a look at the tools listing on dfir.training , you will over 1,000 individual software tools in DFIR. I am quite sure that you have never seen 75% of the listings before, maybe even more. There are probably another 1,000 tools that are not listed, which would account for those I have never seen before because no one talks about them (therefore…not listed…). I have no doubt that there has been some outstanding tools developed, both FOSS and commericial, that never see the light of day because there is no marketing. I can also imagine some software writers who simply gave up because they didn't market their tool to potential buyers. You can have the best tool in the world, but if no one knows about it, makes no difference in how well it works.
If someone has a problem to solve and publicly asks for a solution to that problem, then those who have potential solutions should feel safe in public recommendations, whether as a user or developer of a solution.
I believe the key point that many seem to have is that because a tool-maker makes money off the tool that they developed, they shouldn’t be allowed marketing their tool or allowed to chime in with a discussion about their tool.
As for me, I tune out the vendors that I don’t need, keep an eye out for tools that I might need, and keep up on the developers with tools that I regularly need. For the tool developers, if you don't see your tool listed on dfir.training, that means I don't know about it and really want to add it, so let me know about it.