For the past three years, I have collected and published revenue numbers from tools and services in the software security space. Here are pointers to the three resulting articles, including this year’s NEW article (for 2008):

• informIT (2008): Software Security Comes of Age: Space approaches $500M threshold
• informIT (2007): Software Security Demand Rising
• Darkreading (2006): Want Turns to Need

Before some observations, here is a pretty picture showing growth over time, divided among tools, services, and pizza boxes. Cigital remains the largest independent software security services company. For more details, see my informIT report.

Probably the most important development in 2008 is that the space as a whole is nearing a very important $500M threshold. At this level of business activity, the technology analysts start to take a big interest. This creates a feedback loop of sorts as the middle market engages. Some evidence of this effect:

• Gartner analyst Joseph Fieman published the FIRST Gartner magic quadrant for the tools part of the software security space this year.
• Chenxi Wang from Forrester published a Q4 report on the future of software security (registration supposedly required)

Other analysts of note include:

• Ramon Krikken from Burton Group
• Charles Kolodgy from IDC
• Nigel Stanley from Bloor Research

I will continue to track growth and development of software security over time, but I am very pleased that the analysts are pitching in. As software security matures and the middle market emerges, we will start to have an important impact on the rest of computer security.