Secure Coding mailing list archives
Gartner covers software security
From: gem at cigital.com (Gary McGraw)
Date: Tue, 10 Mar 2009 14:02:17 -0400
hi sc-l,

I have not yet finished gathering 2008 numbers for the space (almost done), but it appears that we have collectively passed the golden $500M number. What happens next is that all of the analyst firms get involved and start telling people in the mid-market what to buy.

The first Gartner magic quadrant for the source code analysis space came out a few weeks ago. Fortify bought a copy that you can download for free (if you use the link below, you don't even have to register for spam):
http://www.fortify.com/servlet/downloads/public/GartnerMQ_StaticApplicationSecurityTesting.pdf

Even more importantly, Gartner just published a blog entry that emphasizes the fact that tools alone will not solve the software security problem. Three cheers for sanity among the analysts! Thank you Neil. You can read that here:
http://blogs.gartner.com/neil_macdonald/2009/03/07/application-security-a-tool-cannot-solve-what-fundamentally-is-a-process-problem/

We were gratified that Neil mentioned the BSIMM work, which is garnering plenty of attention. Download your copy of the BSIMM today at http://bsi-mm.com

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
podcast www.cigital.com/realitycheck
blog www.cigital.com/justiceleague
book www.swsec.com