Wednesday, 11 February 2009

Gartner Magic Quadrant for Static Analysis

Today Gartner released its first ever Magic Quadrant on Static Application Security Testing (SAST). Here it is. I fought for them to call it Built-in Application Developer-Assisted Security Systems (BADASS), but professionalism appears to have won the day.

From an industry standpoint, this is a big deal. Gartner's recognition means software security has hit the mainstream. Gartner creates an MQ when an industry segment reaches $100M in total revenue. Then Gartner, as an independent organization, invites vendors to participate. No vendor pays for the MQ and Gartner doesn't charge for it. They evaluated ten vendors. Fortify took the top spot.

It's worth looking at the Gartner methodology to understand what that means. The report is primarily based on what Gartner hears from its clients. (Being an analyst is a good gig if you can get it.) Gartner talked to hundreds of people, not just the companies being evaluated, and customer input is the most influential factor. We had to answer lots of questions about our product and strategy, and I'm sure our sweet and soothing words didn't hurt, but this is not an essay test. Bottom line: it's what the market told Gartner. My favorite part: although static analysis was the focus of the MQ, the runtime components in Fortify 360 were the first thing they called out as Fortify's key differentiator. Satisfaction.

If you're already down with the Gartner crew, you should talk to the authors: Joseph Feiman or Neil MacDonald.

Posted by bchess at 7:57 PM in Fortify
