« So Too All Silver Bullets | Main | When the cure is the problem »



Hey Gunnar,

where did you get these numbers and what would you include in each of these markets?

"My cocktail napkin analysis says...

- the network market is ~$39B
- the network security market is ~900M
- the software market is ~98B
- the software security market is only ~150M"

They seem wildly incorrect - not that it would distract from the point of your article, just curious


@Amrit if you read the link (*) its predicated on teh revenues of the biggest players in their spaces

"Let's look at networks. Obviously Cisco is the biggest, they earned $39.5 Billion last year. Pretty stellar. So spending $900 Million (Checkpoint) to defined $39.5 Billion seems like a pretty good deal.

Except, let's compare software security spending - last year Microsoft earned $60 Billion, SAP $16 billion, and Oracle $22 Billion. So that is about $98 Billion and you are going to "defend" that with allocating $150 Million worth of software security tools?"

* http://1raindrop.typepad.com/1_raindrop/2008/08/software-security-market.html


Hey Gunnar,

Thanks for the comments. The confusion come from your use of the term "software security tools" and "Network security" market. I assume for the "software security tools" you are really just referring to static and dynamic application analysis and testing tools (fortinet, SPI, watchfire, Ounce labs, etc) and not All software security tools (every piece of security software) which is also referred to as "software security tools". That being said, the total market for all static and dynamic application testing tools is much higher than $150 million

It isn't clear what you are referring to in "network security" since there wasn't a link that explained it, but the "network security" market is orders of magnitude larger than $900m.

I don't think your position holds water because you are comparing total software market size against only one area of security - security tools used as part of the application development process.



the 900M is Checkpoint's annual revenue

the 150M is based on Gary's estimate and some anecdotal on Fortify, Ounce and such.

Again the rest of the analysis is here

I would generally put testing tools in the assurance category

Its a cocktail napkin analysis, would be happy to work on a more formal one, the idea is to take representatives of the largest players in each niche.

The comments to this entry are closed.