« Should BRIC be BIIC? | Main | Thoughts on Token Security »

Comments

Augusto Paes de Barros

Very good post, again.

However, that 900M x 150M comparison does not seem to be "apples to apples" to me. Organizations buy security to protect the network as a system, not its components. When we're talking about software security and looking at the software numbers we are looking into tools to protect components (software pieces). The security of network and software components (like routers and Windows) is usually out of our hands, I mean, it's provided by the vendors. So, we buy security to protect the network as a single system and security to protect "tailor made" software. It's hard to know if comparing the amount spent on these two different things has any meaning at all.

anon

Gary credits that he got those numbers from Gartner - you should credit them.

Gunnar

Augusto,

If I write a web application and stick it front of SAP (which runes my entire business), then I open up port 80/443 to talk to the portal and SAP directly, what security services is the firewall offering my application?

Authentication? authorization? auditing? confidentiality? integrity? availability? Content validation?

From an app standpoint - I think none of these things.

gem

Hi Gunnar,

I'm not sure how you came up with your total for the space, which is too low. Here's what I said in the original article:
"All told, the software security market for tools and services in 2007 was worth somewhere between $275-300 million. If you factor in application firewalls (probably accounting for $50 million), the number is even higher."

I think your ratios are still interesting, but the space is pretty much larger than your post implies. The reason this matters is that when a space approaches $500M, the analysts start covering it. We can see that now in software security. We're at an important threshold!

gem

Gunnar

Hi Gary

I got the number from your article on the total tools market. I did not include services because I was comparing to Cisco and Checkpoint which have minimal services

The comments to this entry are closed.