Secure Coding mailing list archives

Gartner covers software security


From: gem at cigital.com (Gary McGraw)
Date: Tue, 10 Mar 2009 14:02:17 -0400

hi sc-l,

I have not yet finished gathering 2008 numbers for the space (almost done), but it appears that we have collectively 
passed the golden $500M number.  What happens next is that all of the analyst firms get involved and start telling 
people in the mid-market what to buy.  The first Gartner magic quadrant for the source code analysis space came out a 
few weeks ago.  Fortify bought a copy that you can download for free (if you use the link below, you don't even have to 
register for spam):
http://www.fortify.com/servlet/downloads/public/GartnerMQ_StaticApplicationSecurityTesting.pdf

Even more importantly, Gartner just published a blog entry that emphasizes the fact that tools alone will not solve the 
software security problem.  Three cheers for sanity among the analysts!  Thank you Neil.  You can read that here:
http://blogs.gartner.com/neil_macdonald/2009/03/07/application-security-a-tool-cannot-solve-what-fundamentally-is-a-process-problem/

We were gratified that Neil mentioned the BSIMM work, which is garnering plenty of attention.  Download your copy of 
the BSIMM today at http://bsi-mm.com

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
podcast www.cigital.com/realitycheck
blog www.cigital.com/justiceleague
book www.swsec.com


