u/ShipItAndPray

I’ve been spending nights/weekends building something around vendor risk (think SOC 2 / third-party reviews), and I’m at that awkward stage where I can’t tell if it’s useful or just “interesting.”

I don’t have paying users yet; just a few people I know poking at it and giving feedback. Traction is… slow.

The idea came from seeing how much time goes into reviewing vendor reports and mapping controls manually.

For anyone in security/compliance/audit:

– How do you actually handle vendor reviews today?

– What part of the process is the biggest time sink?

– What have you tried that didn’t work?

Not trying to pitch anything. Just trying to figure out if I should keep going or pivot early.