World Vulnerability Research Market CY 2010
Frost & Sullivan, March 2011, Pages: 98
The Frost & Sullivan vulnerability tracker is compiled from various public sources to analyze the vulnerability landscape from 2000 to the present. The US CERT is the primary source of data, but other sources include the National Vulnerability Database as well as news and vendor websites. The top research companies are also interviewed to provide industry and technology trends. The data is collected, queried, and segmented, resulting in a wealth of information that is intended to provide qualitative commentary on the research industry and to recognize the most prolific disclosers of vulnerability reports. This research service includes bugs reported by security vendors and research/testing labs such as iDefense, TippingPoint, and Secunia.
Market Overview:
Emerging Technologies Continue to Propel the Vulnerability Research Market
The 497 Vulnerabilities Reported in 2010 is an Increase of 62 Percent from 2009
Network security research is crucial for the protection of critical telecommunications and computing systems, especially considering the prevalence of increasingly powerful mobile computing devices and emergence of new technologies such as cloud computing and voice over Internet protocol (VoIP). Companies’ acknowledgement of the necessity of vulnerability research translated into steady growth throughout 2010, despite the challenges presented by the economic downturn in 2009. This trend is expected to gain traction, as established researchers become more proficient and both customers and software vendors realize the value of vulnerability intelligence services and improve the quality of software. The industry is anticipated to continue growing with the release of each new application. “Advances in software and technology not only empower users and improve productivity, but unfortunately, can also expose its users to cyber attacks,” says the analyst of this research.
Organizations with contributor compensation programs are attracting a large number of researchers with offers of financial rewards. As demonstrated by the meteoric rise of new entrants, contributor compensation programs can lower entry barriers and encourage individual researchers to make a more valuable impact on the state of security. Companies backed by sufficient financial resources could leapfrog to the top of the discloser lists. “The vendors that have supplemented their research abilities through bug bounty programs have been the top reporters of original vulnerability data in recent years,” observes the analyst. “This is a model that not every company can emulate, but can be very fruitful for companies that choose to.”
Companies also offer numerous tools and training sessions for the public; however, remuneration and benefits notwithstanding, this is a dynamic industry that places researchers in challenging positions. There is a fine line between responsible and full disclosure, and researchers have to use their discretion to strike a balance between the two. “Improper reporting processes can provide hackers with an advantage, or researchers may not get due credit if they wait too long,” notes the analyst. “Although many software vendors understand the importance of vulnerability research, a few remain uncooperative.” As a result, this industry has had to deal with several polarized points of debate and has not completely tapped into its growth potential.