Gartner Magic Quadrant on Static Application Security Testing – Feb. 2009
Gartner has released the first application security-centric Magic Quadrant, and I was surprised not by the landing of the players, but by the accuracy and completeness of the $100 million market for SAST (Static Application Security Testing).
The SAST Magic Quadrant includes: Fortify, Ounce Labs, HP, IBM, Veracode, Coverity, Parasoft, Klocwork, Microsoft, Compuware.

A few words about the occupants of the first two positions:
- Fortify has a broader vision and a greater ability to execute than anybody else, which makes it the undisputed leader. What Fortify lacks, according to Gartner, is an advanced capability to perform DAST (Dynamic Application Security Testing).
- Ounce Labs' position does not entirely reflect its performance in R&D. Instead, the company seems to be well known for its DAST and SAST capabilities. A historical weakness in marketing, as Gartner nicely puts it, complements the 15% reduction of its workforce to cast a questionable shadow over Ounce Labs' ability to grow its business any further.
This Magic Quadrant has been made public by Fortify and you can download it here (PDF). Alternatively, here is a link to a cached copy on my server.
UPDATE: Ounce Labs released its own PR about this Gartner Magic Quadrant, taking advantage of their position as leaders. The leading phrase, however, is a bit exaggerated:
Leading Analyst Firm Recognizes Ounce Labs for Completeness of Vision and Ability to Execute
C’mon guys..
UPDATE 2: Coverity’s PR is also feeding on the recent Gartner Magic Quadrant.
This entry was posted on Sunday, February 15th, 2009.

February 17th, 2009 01:19
However I don’t understand no f.. anything
about this site, it is very nice to have good friends…. like you..
February 22nd, 2009 12:48
Coverity laid off 15% of their employees in January, bringing their head count below 150. Unfortunately, their PR statement doesn’t seem to acknowledge this.
February 22nd, 2009 12:57
@Don: That’s sad news… they have great potential and they’ve built good tools. I just hope they make it through.