Report Date: December 2010 In this research, we analyze the evolution of the static application security testing market, and evaluate its vendors according to their business and technology vision, as well as their ability to execute against that vision in their products and services. As attacks have become more financially motivated, and as organizations have improved the security of their network, desktop and server infrastructures, there has been a shift to application-level attacks. Static application security testing (SAST) is one of the technology markets aimed at securing applications. SAST should be considered a mandatory requirement for all IT organizations that develop or procure applications. Even though the market has not reached maturity, enterprises must adopt SAST technologies and processes because the need is strategic. SAST technology is maturing slowly: The SAST market only recently passed through the Trough of Disillusionment in Gartners "Hyper Cycle for Data and Application Security 2010." It will take more than five years for the market to fully mature and for the technology to be widely adopted, primarily because application security adoption requires not only technological advancements, but also changes in application development and maintenance processes, Addressing application security cannot be resolved simply with the purchase of a SAST solution or another application security technology, Chances in mind-set and to processes will also be needed, but these are more difficult to implement. Market consolidation continues, and the market now offters SAST technologies from large application development platform vendors, as well as point solutions from small, innovative startups.
Mentions: IBM, HP, Fortify Software, Veracode, Parasoft, Coverity, Klocwork, GrammaTech, Armonrize Technologies, Checkmarx
Free Download of Full Report
Topics: Market Research, Competitive Intelligence, Competitive Strategy, Market Intelligence