Sunday, December 23, 2007
Do Industry Analysts understand the importance of Software Security?
Across the board, analyst firms are ignoring the importance of static analysis tools and aren't talking about how they may be used to write secure software. I know that vendors such as Ounce Labs, Fortify Software and Coverity are currently tiny in terms of revenue and therefore don't have huge budgets to spend on analysts, but that doesn't mean that coverage isn't warranted.
Likewise, I also have attempted to find evidence that industry analysts are participating in security-oriented users groups such as The Open Web Application Security Project (OWASP) and have found folks from Forrester Research, The Burton Group, Yankee Group and The 451 Group but haven't found evidence saying that other analyst firms such as Gartner, RedMonk, ZapThink or Ostermann Research are participating.
I would think that Barbara French of Tekrati and other analyst relations firms would appreciate the importance of not only their customers interacting with analysts, but their potential customers and them interacting together with attendees of these users groups who happen to actually procure the software.
| | View blog reactionsLikewise, I also have attempted to find evidence that industry analysts are participating in security-oriented users groups such as The Open Web Application Security Project (OWASP) and have found folks from Forrester Research, The Burton Group, Yankee Group and The 451 Group but haven't found evidence saying that other analyst firms such as Gartner, RedMonk, ZapThink or Ostermann Research are participating.
I would think that Barbara French of Tekrati and other analyst relations firms would appreciate the importance of not only their customers interacting with analysts, but their potential customers and them interacting together with attendees of these users groups who happen to actually procure the software.
