Re: [SC-L] How big is the market?
McGovern, James F (HTSC, IT) [mailto:[EMAIL PROTECTED] writes:

> I just conducted a super-official study of what my peers are reading by
> walking a total of five aisles within a very large building. Here is a
> list of magazines on folks' desks:
>
> - Infoworld
> - Java Developers Journal
> - Insurance & Technology
> - DMReview
> - Intelligent Enterprise
> - CIO
> - Insurance Networking News

I'd also suggest Software Development, and maybe Information Security.

-Dave

--
Dave Aronson
"Specialization is for insects." -Heinlein
Work: http://www.davearonson.com/
Play: http://www.davearonson.net/

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
___
Re: [SC-L] How big is the market?
Got it. I like dr. dobbs OK. Do you see that one around? It has software security content every once in a while. What others do you think would be a good target?

What do the rest of you guys think?

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

-----Original Message-----
From: McGovern, James F (HTSC, IT) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 24, 2007 11:17 AM
To: Gary McGraw
Cc: SC-L@securecoding.org
Subject: RE: [SC-L] How big is the market?

Gary, I do at some level agree in terms of quality of publication. My perspective though is from a large enterprise perspective whose primary business model isn't about technology and the magazines that folks do read especially in the development community. A quick informal survey tells me that absolutely zero of my peers read IEEE (note I am a subscriber).

Part of the problem may be the fact that us enterprise folks are bombarded with free magazines and cannot justify spending money to subscribe to ones such as the IEEE. I am merely suggesting some diversification for folks that don't pay for magazines.

-----Original Message-----
From: Gary McGraw [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 24, 2007 10:50 AM
To: McGovern, James F (HTSC, IT)
Cc: SC-L@securecoding.org
Subject: RE: [SC-L] How big is the market?

I'm sorry James, but I have to respectfully disagree about the vendor thing. Perhaps the tools vendors target the "information protection" people, but at Cigital we sell services to software execs (in huge companies) who are way up the food chain.

Software security is small, and we need to emphasize the growth and get people interested. This goes for everyone who reads this list. To continue our impressive growth as a field, we need to continue to build.

I do agree with you that people need to write more for developers (but I hope they pick better places than JDJ to publish in). Toward that end, check out the "Building Security In" department in IEEE Security & Privacy magazine <http://www.computer.org/portal/site/security/>. Also check out Brian Chess's new book "Secure Programming with Static Analysis" when it comes out in June.

However, for the most part, it's critical to understand that workaday developers can't wrangle enough budget to tackle software security.

BTW, I posted a reprise to the darkreading column on justice league today:
http://www.cigital.com/justiceleague/
http://www.darkreading.com/document.asp?doc_id=122253&WT.svl=column1_1

All told, I am very optimistic about our field, but don't think we can rest on our laurels at all yet.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

*
This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
*
Re: [SC-L] How big is the market?
Gary, I do at some level agree in terms of quality of publication. My perspective though is from a large enterprise perspective whose primary business model isn't about technology and the magazines that folks do read especially in the development community. A quick informal survey tells me that absolutely zero of my peers read IEEE (note I am a subscriber).

Part of the problem may be the fact that us enterprise folks are bombarded with free magazines and cannot justify spending money to subscribe to ones such as the IEEE. I am merely suggesting some diversification for folks that don't pay for magazines.
Re: [SC-L] How big is the market?
I just conducted a super-official study of what my peers are reading by walking a total of five aisles within a very large building. Here is a list of magazines on folks' desks:

- Infoworld
- Java Developers Journal
- Insurance & Technology
- DMReview
- Intelligent Enterprise
- CIO
- Insurance Networking News

Likewise, I asked several folks as to whether they subscribe to Dr. Dobbs and the answer was zero. Interestingly enough, I also checked with other folks and there seem to be more memberships in our architecture group with the ACM over IEEE.

-----Original Message-----
From: Gary McGraw [mailto:[EMAIL PROTECTED]
Sent: Tuesday, April 24, 2007 11:24 AM
To: McGovern, James F (HTSC, IT)
Cc: SC-L@securecoding.org
Subject: RE: [SC-L] How big is the market?

Got it. I like dr. dobbs OK. Do you see that one around? It has software security content every once in a while. What others do you think would be a good target?

What do the rest of you guys think?

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com
Re: [SC-L] How big is the market?
I'm sorry James, but I have to respectfully disagree about the vendor thing. Perhaps the tools vendors target the "information protection" people, but at Cigital we sell services to software execs (in huge companies) who are way up the food chain.

Software security is small, and we need to emphasize the growth and get people interested. This goes for everyone who reads this list. To continue our impressive growth as a field, we need to continue to build.

I do agree with you that people need to write more for developers (but I hope they pick better places than JDJ to publish in). Toward that end, check out the "Building Security In" department in IEEE Security & Privacy magazine <http://www.computer.org/portal/site/security/>. Also check out Brian Chess's new book "Secure Programming with Static Analysis" when it comes out in June.

However, for the most part, it's critical to understand that workaday developers can't wrangle enough budget to tackle software security.

BTW, I posted a reprise to the darkreading column on justice league today:
http://www.cigital.com/justiceleague/
http://www.darkreading.com/document.asp?doc_id=122253&WT.svl=column1_1

All told, I am very optimistic about our field, but don't think we can rest on our laurels at all yet.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

-----Original Message-----
From: McGovern, James F (HTSC, IT) [mailto:[EMAIL PROTECTED]
Sent: Monday, April 23, 2007 12:30 PM
To: Gary McGraw
Cc: SC-L@securecoding.org
Subject: RE: [SC-L] How big is the market?

One thing that I can say is that vendors sometimes are doing themselves a disservice in terms of getting software security to grow even faster. Currently anything that has the word "security" in it automatically gets redirected to information protection types in large enterprises who usually are degrees away from those who actually write source code. A method should be to reach out to the development community via publications such as Java Developers Journal and similar forums.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Gary McGraw
Sent: Friday, April 20, 2007 4:17 PM
To: SC-L@securecoding.org
Subject: [SC-L] How big is the market?

Hi sc-lers,

At s3con this week I gave a keynote about the state of the practice in software security. Some of what I said is captured in my darkreading column this month:
http://www.darkreading.com/document.asp?doc_id=122253&WT.svl=column1_1

There are a couple of things worth noting. First of all, the article has some numbers in it that show how the market is growing. I believe we attained a $200-275 million level in 2006. Things look like they are continuing to grow as well.

Second, this article discusses a few ways for a corporation to get started with software security, from the kinds of full blown initiatives that we recommend at Cigital to easier baby steps with badness-ometers like SPI Dynamics and Watchfire.

Please do what you can to spread the word about this article so that people outside of our specialty get a feeling for what is happening. Software security is growing, and the growth is strong and consistent.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com
Re: [SC-L] How big is the market?
One thing that I can say is that vendors sometimes are doing themselves a disservice in terms of getting software security to grow even faster. Currently anything that has the word "security" in it automatically gets redirected to information protection types in large enterprises who usually are degrees away from those who actually write source code. A method should be to reach out to the development community via publications such as Java Developers Journal and similar forums.
[SC-L] How big is the market?
Hi sc-lers,

At s3con this week I gave a keynote about the state of the practice in software security. Some of what I said is captured in my darkreading column this month:
http://www.darkreading.com/document.asp?doc_id=122253&WT.svl=column1_1

There are a couple of things worth noting. First of all, the article has some numbers in it that show how the market is growing. I believe we attained a $200-275 million level in 2006. Things look like they are continuing to grow as well.

Second, this article discusses a few ways for a corporation to get started with software security, from the kinds of full blown initiatives that we recommend at Cigital to easier baby steps with badness-ometers like SPI Dynamics and Watchfire.

Please do what you can to spread the word about this article so that people outside of our specialty get a feeling for what is happening. Software security is growing, and the growth is strong and consistent.

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com