The POV Trap: Why Cybersecurity Procurement May Be Rewarding the Wrong Things

Roey Eliyahu

“The following is an editorial summary of a piece originally published by Roey Eliyahu, CEO of Salt Security.”

Salt Security CEO Roey Eliyahu published a pointed critique of how the cybersecurity industry evaluates vendors — arguing that POV-driven procurement rewards surface-level capabilities over genuine enterprise-grade depth.

Eliyahu’s central argument is compelling: when buyers optimize for fast deployment, checkbox compliance, and clean dashboards, startups build for those metrics rather than long-term risk reduction. The result is a market that looks innovative but may be systematically under-securing enterprises.

Particularly striking is his breakdown of BOLA detection — Broken Object Level Authorization, the number one risk in the OWASP API Top 10. Most tools can detect the obvious, noisy version of the attack. Real attackers are patient, slow, and distributed across sessions and business units. Most POV evaluations never test for that.
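The detection gap described above, shown as an added illustration (not code from Eliyahu's piece or from Salt Security): a burst-rate rule and a cross-session ownership rule run over the same constructed access log. The log format, user names, and thresholds are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample API access log: (epoch_seconds, session_id, user, object_owner).
# "scanner" is the noisy case; "mallory" reads one foreign object per session, hours apart.
LOG = [
    (0,      "s1", "alice",   "alice"),
    (5,      "s2", "scanner", "u1"),
    (6,      "s2", "scanner", "u2"),
    (7,      "s2", "scanner", "u3"),
    (8,      "s2", "scanner", "u4"),
    (9,      "s2", "scanner", "u5"),
    (3600,   "s3", "mallory", "u1"),
    (18000,  "s4", "mallory", "u2"),
    (40000,  "s5", "mallory", "u3"),
    (90000,  "s6", "mallory", "u4"),
    (170000, "s7", "mallory", "u5"),
    (170500, "s8", "bob",     "alice"),  # one-off cross-owner read, e.g. a shared record
]

def burst_detector(log, window=60, threshold=5):
    """Flag users with >= threshold cross-owner reads in one session within `window` seconds."""
    per_session = defaultdict(list)
    for ts, session, user, owner in log:
        if user != owner:
            per_session[(session, user)].append(ts)
    flagged = set()
    for (_, user), times in per_session.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(user)
    return flagged

def ownership_detector(log, threshold=3):
    """Flag users who read >= threshold distinct other owners' objects, across all sessions."""
    foreign = defaultdict(set)
    for _, _, user, owner in log:
        if user != owner:
            foreign[user].add(owner)
    return {user for user, owners in foreign.items() if len(owners) >= threshold}

if __name__ == "__main__":
    print("burst rule flags:    ", sorted(burst_detector(LOG)))
    print("ownership rule flags:", sorted(ownership_detector(LOG)))
```

The burst rule sees only the noisy session, while the ownership rule, which keys on identity rather than session and has no time window, also surfaces the slow pattern without flagging the single shared-record read.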

His conclusion is direct: if the industry evaluates for the showroom, startups will build for the showroom. The enterprise deserves to be evaluated for the road.

Read the full piece on the Salt Security blog →
