Although a few companies have practices that border on criminal intent, the work done by the security research community is critical for system and data protection. The necessity of this work has translated into strong and steady growth, continuing into Q3 of 2007. While still divided on a few topics, the market as a whole recognizes the value of responsible disclosure and is working to improve the quality of the tested software.
New analysis from Frost & Sullivan (networksecurity.frost.com), World Vulnerability Research Markets Q3 2007, finds that the market disclosed 147 total vulnerabilities in Q3 of 2007. Although this number is less than the total disclosed in Q2 of 2007, the total number of vulnerabilities has traditionally increased each quarter and is expected to climb steadily in the future.
If you are interested in a virtual brochure, which provides manufacturers, end users, and other industry participants with an overview of the Q3-2007 World Vulnerability Research Markets, then send an email to Mireya Castilla, Corporate Communications, at mireya.castilla[.]frost.com, with your full name, company name, title, telephone number, city, state, country, and email address. Upon receipt of the above information, an overview will be sent to you by email.
"Each new piece of software and technology also carries with it the potential to expose its users to cyber attacks," notes Frost & Sullivan Research Analyst Chris Rodriguez. "This being the case, the vulnerability research market has grown steadily and this trend expects to continue, as established researchers become more proficient and more people realize the value of vulnerability information."
In the future, the vulnerability research market expects to further grow with the release of each new application. Automated testing tools such as fuzzers now help researchers to find bugs faster. Additionally, researchers may also be drawn to the financial rewards offered by organizations with "bug bounty" programs.
However, while the vulnerability research market is highly dynamic, there remain a few companies that walk the line ethically. Although it is only a few, it still reflects poorly on the rest of the research community. Many in the security community remain divided on the topic of contribution compensation programs, further blurring the lines between responsible disclosure and full disclosure.
"The vulnerability research market is still relatively new territory," says Rodriguez. "This market faces several polarized points of debate and has much more potential for growth than what it has shown so far."
Demonstrated by the meteoric rise of new entrants, bounty programs provide little barriers to entry. Initially, vulnerability compensation programs were very controversial, but have increasingly gained acceptance since their inception. Companies backed by sufficient financial resources could quickly jump to the top of the discloser lists.
World Vulnerability Research Markets Q3-2007 is part of the Network Security Growth Partnership Service program, which also includes research in the following markets: intrusion detection prevention, vulnerability management, and network access control technologies. All research services included in subscriptions provide detailed market opportunities and industry trends that have been evaluated following extensive interviews with market participants. Interviews with the press are available.
About Frost & Sullivan
Frost & Sullivan, the Global Growth Consulting Company, partners with clients to accelerate their growth. The company's Growth Partnership Services, Growth Consulting and Career Best Practices empower clients to create a growth focused culture that generates, evaluates and implements effective growth strategies. Frost & Sullivan employs over 45 years of experience in partnering with Global 1000 companies, emerging businesses and the investment community from more than 30 offices on six continents.