Secure Coding mailing list archives
How big is the market?
From: gem at cigital.com (Gary McGraw)
Date: Tue, 24 Apr 2007 10:50:19 -0400
I'm sorry James, but I have to respectfully disagree about the vendor thing. Perhaps the tools vendors target the "information protection" people, but at Cigital we sell services to software execs (in huge companies) who are way up the food chain. Software security is small, and we need to emphasize the growth and get people interested. This goes for everyone who reads this list. To continue our impressive growth as a field, we need to continue to build.

I do agree with you that people need to write more for developers (but I hope they pick better places than JDJ to publish in). Toward that end, check out the "Building Security In" department in IEEE Security & Privacy magazine <http://www.computer.org/portal/site/security/>. Also check out Brian Chess's new book "Secure Programming with Static Analysis" when it comes out in June.

However, for the most part, it's critical to understand that workaday developers can't wrangle enough budget to tackle software security.

BTW, I posted a reprise to the darkreading column on justice league today:
http://www.cigital.com/justiceleague/
http://www.darkreading.com/document.asp?doc_id=122253&WT.svl=column1_1

All told, I am very optimistic about our field, but don't think we can rest on our laurels at all yet.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

-----Original Message-----
From: McGovern, James F (HTSC, IT) [mailto:James.McGovern at thehartford.com]
Sent: Monday, April 23, 2007 12:30 PM
To: Gary McGraw
Cc: SC-L at securecoding.org
Subject: RE: [SC-L] How big is the market?

One thing that I can say is that vendors sometimes are doing themselves a disservice in terms of getting software security to grow even faster. Currently anything that has the word "security" in it automatically gets redirected to information protection types in large enterprises who usually are degrees away from those who actually write source code.

A method should be to reach out to the development community via publications such as Java Developers Journal and similar forums.

-----Original Message-----
From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Gary McGraw
Sent: Friday, April 20, 2007 4:17 PM
To: SC-L at securecoding.org
Subject: [SC-L] How big is the market?

Hi sc-lers,

At s3con this week I gave a keynote about the state of the practice in software security. Some of what I said is captured in my darkreading column this month:
http://www.darkreading.com/document.asp?doc_id=122253&WT.svl=column1_1

There are a couple of things worth noting. First of all, the article has some numbers in it that show how the market is growing. I believe we attained a $200-275 million level in 2006. Things look like they are continuing to grow as well.

Second, this article discusses a few ways for a corporation to get started with software security, from the kinds of full blown initiatives that we recommend at Cigital to easier baby steps with badness-ometers like SPI Dynamics and Watchfire.

Please do what you can to spread the word about this article so that people outside of our specialty get a feeling for what is happening. Software security is growing, and the growth is strong and consistent.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.