BIGTECH: Hello, we would like to buy an on-premise version of your software.
ME: Oh! Cool, here is the payment link
BIGTECH: Uhm... Nah. Can't do that. We want this to be harder. More complicated. Draft a "proforma invoice". We will create a purchase order. Then we approve. Then you send us your W9 form. Then we will perform an audit...
ME: Whoa, hold on a sec...
(googling "proforma invoice", "purchase order")
BIGTECH (in two days): Well, what is it?
ME: (damn, forgot about them) So, guys, here's another link, you can buy via this "purchase order" thing in just two clicks. The invoice will be auto-generated. Pay by wire transfer, check, whatever.
BIGTECH: Just a second...
BIGTECH (totally different employee): Hello, we would like to buy an on-premise version of your software.
ME: (oh ffs) Cool, here's your link... Again.
BIGTECH: We still need W9 and W8-Ben, and also... We need to perform a SECURITY AUDIT of your product. This is a very important SECURITY AUDIT.
ME: sure, here's the endpoint URL, run whatever scans you want.
BIGTECH: Uhm... Nah. Can't do that. We want this to be harder. More complicated. Here's a link to our internal Supplier Communication System. Register an account in it and fill out a questionnaire like this.
ME (looking at a 18 pages questionnaire): ...
MY COFOUNDER (in Slack): Ahahaha, I've already filled that shit out.
ME (in Slack): Huh? What do you mean "already filled"?
COFOUNDER (in Slack): dude, they've bought this product like two times already.
ME: dear Bigtech, why the fu... You are already a client of ours! And we already filled this form, here is the email "Michael-From-Another-Department (at) bigtech", please double check.
BIGTECH goes silent, processing this incredible information
BIGTECH (a week later): OK, that was a slightly different questionnaire. And frankly we can't really find Michael anywhere. Anyway, here's the form and...
ME: (inaudible)
BIGTECH: ...then register an account in the Supplier Communication System, then install our Certified 2FA Generator on your phone...
ME: Certified what? Can't I just use Google Authenti...
BIGTECH: NO YOU CAN'T USE ANYTHING FROM GOOGLE!!!!111
ME (after a week): I filled everything in.
BIGTECH: But you put dashes in some of the fields
ME: Sorry (not really).
BIGTECH: Okay, forget it. Let Us Begin The Security Audit! The results will be published in the Supplier Communica...
ME: yes yes, got it
BIGTECH (a week later): We have completed THE SECURITY AUDIT. We identified A VULNERABILITY that needs to be fixed, provide the deadline for the fix, sign the commitment, then provide screenshots that everything has been fixed, then...
ME: wait, vulnerability, what vulnerability?
BIGTECH: The vulnerability is very, very serious one. Just a second, where is our tester dude...
DINESH (pentester): They don't have the "X-Frame-Options" header.
BIGTECH: yeah, right, you don't have that... whatever... "header"...
COFOUNDER (in Slack): OMFG KILL ME...
ME: you're buying the on-premise version, so we intentionally removed it, please configure it as per [instructions]. Again, this was intentional, because on-prem clients (like you!) use our software in very weird ways, including inside an iframe
DINESH (pentester): My dudes, totally makes sense. But this stupid testing suite they make me use...
BIGTECH: whoa whoa, wtf Dinesh! Also, who said you can communicate over email? Please post your answer in the SUPPLIER SYST...
ME (in the Supplier System): Unfortunately, the pricing plan you picked does not include custom legal support, here is a link to the "Uber-Mega-Enterprise" plan for $100k per second, thank you.
This is a true story. Names have been changed to protect... ourselves. Also unfortunately, I made up that last sentence, I'm not that brave.