hi sc-l,

I have not yet finished gathering 2008 numbers for the space (almost done), but it appears that we have collectively passed the golden $500M number. What happens next is that all of the analyst firms get involved and start telling people in the mid-market what to buy.

The first Gartner magic quadrant for the source code analysis space came out a few weeks ago. Fortify bought a copy that you can download for free (if you use the link below, you don't even have to register for spam):
http://www.fortify.com/servlet/downloads/public/GartnerMQ_StaticApplicationSecurityTesting.pdf

Even more importantly, Gartner just published a blog entry that emphasizes the fact that tools alone will not solve the software security problem. Three cheers for sanity among the analysts! Thank you Neil. You can read that here:
http://blogs.gartner.com/neil_macdonald/2009/03/07/application-security-a-tool-cannot-solve-what-fundamentally-is-a-process-problem/

We were gratified that Neil mentioned the BSIMM work, which is garnering plenty of attention. Download your copy of the BSIMM today at http://bsi-mm.com

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
podcast www.cigital.com/realitycheck
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________