Thanks. I appreciate the question.
I'll get into the nitty-gritty. When we develop a piece of software, it is not static, as I mentioned. It's a 1.0. We have a road map that's very tight and, I would say, within a six-month window. There's still a road map even beyond that for up to two years. That's constantly evolving based on our users' feedback and the things we're learning about the cyber-threat landscape, etc.
In a procurement process, what we see is a waterfall list, a long laundry list of capabilities that are required on the day the RFP goes live. That list usually takes almost a year, if there's an RFI, through to the RFP. Really, most of the time when we see these RFPs, they're dated by the time they get posted, or they are actually asking for things that don't exist in the market or aren't functionally capable.
Oftentimes when we show them to users of such products in the government, they don't even know where they came from or why anyone would want those capabilities. The things they want are very specific. They have to navigate that through procurement services, where they actually list in a waterfall way what they want today, in a long laundry list, but they also know that it's going to evolve over time. Sometimes, frankly, they have to do what they know is wrong and say that they're picking things that will lead them to where they want to get to in six months.
I think there are a couple of really tangible things we can be doing. One is shortening the time, the length from information gathering through to procurement. Then, concurrently, we can be reducing the dollar amounts so that the risk isn't as high, and acknowledging how software is built—highly iterative, versioned—including opportunities to pitch road maps of technologies within the procurement process to the end-users and the technologists, not to the procurement people to be translated into jargon, but in the language that the end-users use.
Also, then, there's understanding the landscape in a constant way. We have a procurement system that's highly responsive and not actually proactive in getting to the marketplace and understanding, first, what's out there, and second, what's possible within road maps and structures.
The last piece I'll say is that in the security phase, I think we need to do more assessment of companies and getting security clearance to the companies that have capabilities and can have capabilities in the future, so that they can work with government more hand in glove.