Monday, June 02, 2008


Is the Magic Quadrant the bathroom reading of C Level executives?

Christopher Bischoff left an interesting perspective on Linkedin related to a question of whether Gartner should provide written research on OWASP...

Chris believes that Gartner is primarily a source of information about the Information Security marketplace: not about what actually "works" in the Information Security field, but about the suboptimal procurement habits of large enterprises. He also stated that market research should not drive an organization's security solutions.

Have you heard of the Starfish and the Spider? OWASP is the poster child for this model, with one employee and hundreds of volunteer chapters who have done more for software security than Oracle, Microsoft, Sun, EMC, HP and CA combined. It is curious, at some level, why Gartner hasn't provided any written research on wonderful offerings such as the OWASP Enterprise Security API, WebScarab, WebGoat and AntiSamy, or even given due credit for the OWASP Top Ten.

For that matter, this isn't an attack on Gartner alone: all the analyst firms, including The Burton Group, Redmonk, Entiva, Forrester, ZapThink, The 451 Group, Seybold and others, have exercised their right to remain silent on something that could immensely benefit their customers. The story behind OWASP isn't just about security; the better story is about open source. Even pundits such as Matt Asay haven't commented on the OWASP model.

I wonder if I am the only one that holds this perspective?
