Operators depend on their vendors to supply products and solutions that are secure. As all operators have experienced, “secure products” is almost always a vendor afterthought. This leads to operator risk that in some cases turn deadly. We will explore realistic expectations for “vendor security.” These expectations are based on 25 years of operator and vendor experience – with direct experience on some of the nastiest vulnerabilities, horrendous APT abuses, and industry wide attack vectors. We’ll focus on the dialog that the organizations hackers should be having with their vendors along with maximum leverage advice.