
Of course, we don’t have to give in to this — and we’re proud to say that we think we didn’t –, but if your business model is bound to push you into a direction you’re not willing to go, then maybe it’s time to change the business model. If you want a stable financial foundation, “paid once” is clearly not it.
What you do not want is to just be sold on security assessment-type work. You don’t want to be caught in an endless loop of vulnerability finding and fixing. What you are looking for are discussions on the best practices to build on that make sense for your specific risks.