The necessity of this research has translated into the strong and steady growth of the vulnerability research market. While still divided on a few topics, security professionals and software vendors both recognize the importance of responsible vulnerability research, and are working to improve the quality of the software.
New analysis from Frost & Sullivan (networksecurity.frost.com), World Vulnerability Research Markets Q3-2008, finds that 74 vulnerabilities were disclosed in Q3 of 2008. Although this number decreased compared to that of previous periods, the total number of vulnerabilities has traditionally increased in each quarter, and is expected to keep climbing steadily in the future.
If you are interested in a virtual brochure, which provides manufacturers, end-users, and other industry participants with an overview of the Q3-2008 world vulnerability research markets, then send an email to Christina Alfaro, Corporate Communications, at christina.alfaro[.]frost.com, with your full name, company name, title, telephone number, company email address, company website, city, state and country. Upon receipt of the above information, an overview will be sent to you by email.
"Software and technology empower users and improve productivity, but also carry the potential to expose users to cyber attacks," explains Frost & Sullivan Research Analyst Christopher Rodriguez. "The more people realize the value of vulnerability information, and established researchers become more proficient, the more the market will grow steadily and continue to do so."
However, many in the security community remain divided on the topic of contribution compensation programs, further blurring the lines between responsible disclosure and full disclosure. Although many software vendors understand the importance of vulnerability research, a few are still uncooperative.
"While the vulnerability research market is highly dynamic, there remain only a few companies that walk the line ethically," adds Rodriguez. "This market faces several polarized points of debate and has much more potential for growth than it has shown so far."
The market can expand significantly with the release of each new application. Automated testing tools such as fuzzers now help researchers to find bugs faster. Additionally, researchers may also be drawn to the financial rewards offered by organizations with "bug bounty" programs.
These bounty programs provide few barriers to entry, as demonstrated by the meteoric rise of market entrants. Companies backed by sufficient financial resources could quickly jump to the top of the discloser lists.
World Vulnerability Research Markets Q3-2008 is part of the Network Security Growth Partnership Service program, which also includes research in the following markets: network-, software-, and host-based IDS/IPS, vulnerability management, and network access control technologies. All research services included in subscriptions provide detailed market opportunities and industry trends that have been evaluated following extensive interviews with market participants.
About Frost & Sullivan
Frost & Sullivan, the Growth Partnership Company, enables clients to accelerate growth and achieve best in class positions in growth, innovation and leadership. The company's Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined research and best practice models to drive the generation, evaluation and implementation of powerful growth strategies. Frost & Sullivan leverages over 45 years of experience in partnering with Global 1000 companies, emerging businesses and the investment community from 31 offices on six continents.
World Vulnerability Research Markets Q3-2008 / N566