Software Security Industry Growth

Gary McGraw put out an article last week detailing the revenue generated by the software security industry for 2008. It’s nice to see our industry growing at a steady clip, but as Gunnar Peterson pointed out after Gary published 2007’s numbers, the software security market is dwarfed by the network security market. Gunnar’s numbers are a bit fuzzy, however, I think it’s safe to say we spend billions on network security (firewall, VPN, IDS, services, etc.), but only a fraction of that amount is spent on software security. The thing that worries me is that spending is a reflection on awareness, so even though increased spending in the software security sector indicates expanded awareness about software security I don’t think awareness is growing nearly fast enough. These days everyone knows about firewalls, but frequently people in IT know very little about software security. What do you guys think will help growing awareness? What would you like to see consultants and vendors like Fortify do to drive software security awareness?