LOGIN | REGISTER NOW | SUBSCRIBE
 
print Printable version 
Most Read Latest News Blog Resources
Mono brings .NET to Android
At Microsoft MIX, Mono will unveil the ability to port .NET applications to the Android op...

OSBC focus turns to best practices for open-source adoption
Businesses are no longer asking why they should adopt, but how do they use open source leg...

IBM brings Rational tools into the cloud
Fifteen Rational products for managing, developing and testing on clouds are now available...

Digg!  Digg
Reddit  Reddit
Slashdot  Slashdot
Share on facebook  Facebook
Share on Twitter  Twitter

Analyst: Code Scanning Won’t Stand on Its Own


Shift seen in security market

By Alex Handy
April 1, 2007 — 
When Fortify purchased rival Secure Software in January, it was the first major business move by a player in the market for application code security scanning. Now, more than two months later, at least one analyst sees the move as indicative of a broader shift in the application security assurance space.

Andrew Jaquith, program manager for the Yankee Group’s enabling technologies enterprise group, released a white paper in March that took an in-depth look at the Fortify deal, and placed the acquisition into the broader setting of the software security market as a whole.

Jaquith asserts that Secure Software was having trouble gaining traction in the marketplace during its five-year history. According to Jaquith, Secure Software never matched the amount of venture capital it raised with cumulative revenues, a fact that Jaquith attributes to the relatively small size of the market for such tools.

“Viewed charitably, the Fortify/Secure Software deal could be seen as just another Darwinian market event: One strong competitor overtakes another,” wrote Jaquith. “However, Yankee Group believes the deal marks a turning point. Fundamentally, Secure Software’s fortune underscores the competitive difficulties faced by nearly all participants in the code assurance market, which is less than $30 million in size. The deal suggests that we are witnessing the beginning of the end of the standalone market.”

With so little money in the marketplace for secure coding solutions, Jaquith wrote, the consolidation of Secure Software and Fortify could portend a coming consolidation in the space, as clients become scarce. There is one thing, however, that Jaquith expects could spur growth in the code security scanning market: legislation.

“Regulation and the related fear of jail time are the most compelling drivers of security product purchases, with contractual obligations being a close second,” wrote Jaquith. “In contrast, well-meaning enterprise security policies that mandate secure development practices are much less compelling. Until regulators or a strong industry body such as the payment card industry force enterprises to use code scanning tools, they will take a back seat—correctly—to other initiatives.”

Now that the dust has settled on the acquisition, Jaquith credits Fortify with cementing its position as the market leader in code assurance scanning. That company has also created its own open source project, Find Bugs, in order to expand its appeal, but Jaquith did not see this as a market-changing strategy. Indeed, he sees the entire code scanning market as destined for a diversified future, not a specialized one.

“The market is too small to sustain specialist vendors whose products do only one thing: statically analyze core code libraries for bugs,” wrote Jaquith. “With apologies to Isaiah Berlin and Archilochus, Secure Software wanted to be a ‘hedgehog’—an animal that knows only one thing. But the market has shown that it wants ‘foxes’—such as Fortify—who know many things.”


Share this link: http://www.sdtimes.com/link/30402
 

Add comment


Name*
Email*  
Country     


  • Comment
  • Preview
Loading



 
 
 
 
News on Monday
more>>
SharePoint Tech Report
more>>


   

 
 
Download Current Issue
ISSUE 3/15/2010 PDF

Need Back Issues?
DOWNLOAD HERE

Receive the print Edition?


 
blogs tab
Google Code turns 5
Google Code Turns 5, and adds a Paxos Algorithm to make the system more stable and reliable.
03/17/2010 11:16 AM EST

Test your Visual Studio 2010 know-how
Microsoft is offering free beta certification exams for Visual Studio 2010.
03/17/2010 11:08 AM EST

Microsoft lifts the hood on IE9
Microsoft is previewing IE9.
03/16/2010 01:10 PM EST

 

Events calendar tab
EclipseCon
3/22/2010 to 3/25/2010
Santa Clara, Calif.
The Eclipse Foundation

DevConnections
4/12/2010 to 4/14/2010
Las Vegas
Penton Media

MySQL Conf. and Expo
4/12/2010 to 4/15/2010
Santa Clara, Calif.
O'Reilly Media

High Performance Computing Linux Financial Markets
4/19/2010
New York City
Flagg Management

Informix User Conf.
4/25/2010 to 4/28/2010
Overland Park, Kans.
IIUG