John Pescatore

A member of the Gartner Blog Network


There Is Absolutely Nothing Security-Relevant About This Week's Top News Stories

June 26th, 2009 · 4 Comments

Yup, just a cheap trick to attract search engines. But I was on a call with a Gartner client in Australia last night and the first words on the call were “Is it true?” So, sorry, click here if you really were looking for the top current events.

So, nothing relevant to this week's news. Next week is Gartner’s Information Security Summit at the Gaylord hotel outside Washington DC. If you’ve ever heard the pork industry saying “We use every part of the pig except the oink” – at Gartner conferences, they use every part of the analyst including the oink. So, blogging may be sparse next week – I’ll end this week with just a few cool tidbits I’ve run across recently.

Back in the early 2000s, when Gartner’s security practice was much smaller than it is today, I was trying to push the idea of removing vulnerabilities from software before allowing it onto production systems. There were companies like Perfecto (who became Sanctum who became part of Watchfire who became part of IBM…) and a few others showing how it could be done – but trying to get the app dev side to listen was like pushing a rock up a hill. The Gartner analysts covering application development would tell me “Biz apps/development VPs don’t care about that – they don’t want anything to do with thinking about security, it will slow down development.” It was like when the car manufacturers hired more mechanics to fix defects in cars rather than avoid them before selling the car.

The vulnerability seeking worms of 2001 and 2003 began to force commercial software developers to change their software development life cycles, and that began to ripple into business application development. Now at Gartner we have Joseph Feiman leading our coverage of application security with Neil Macdonald, and enough products and revenue to have Market Scopes and Magic Quadrants in the area.

But back in 2004 HBGary sold off a product called Bugscan to LogicLibrary and both HBGary and Bugscan fell off my radar screen. They popped back on when they briefed me on their technology for analyzing executables to determine if they are malicious, and their partnership with Guidance Software on the computer forensics side.

I’m always on the lookout for technologies that will help with the “arbitrary malware” problem that is at the root of the most damaging threats today, so a few others were of interest, too. Codenomicon briefed Gartner on some advances in their protocol fuzzing capabilities and a partnership with Qualys. Preemptive Solutions briefed us on how their Runtime Intelligence Service can be used to monitor the execution path of applications, and their partnership with Microsoft. For the high end, Integrity Global Security (a spin-out from Green Hills) briefed us on their Integrity Software System that has been evaluated at EAL 6 against the Separation Kernel Protection Profile for High Robustness.

A week in the life of a Gartner analyst always has a lot of vendor briefings, good and bad. There were some stinkers this week, but all in all it was nice to see some small companies doing innovative things – and even better to see some large companies already partnering with the innovative little guys.


Tags: Uncategorized

4 responses so far ↓

  • 1 Ilya Rabinovich // Jun 28, 2009 at 11:09 am

    Hi John!

    I’m just curious - what’s the profit for small software vendors to report to Gartner? And if there is a profit, what’s the mechanism to do this and what data are you looking for?

  • 2 John Pescatore // Jun 28, 2009 at 4:21 pm

    Hi, Ilya – if by “profit” you mean cost or payment to Gartner, there is *no* cost or payment to Gartner. Any vendor can schedule a briefing to Gartner analysts – just send email to vendor.relations@gartner.com and they will work to schedule. May take some time, especially if you want to brief multiple analysts at once, but that’s how it works. The process absolutely does not differentiate between vendors who are not Gartner clients or those who are – the analysts don’t even know.

    If by “profit” you mean benefit to the vendor, it helps keep Gartner analysts, and by extension Gartner clients, aware of your product/services beyond what we will hear from our clients or from our open source research.

  • 3 Ilya Rabinovich // Jun 29, 2009 at 6:01 am

    John, thanks a lot for your clarifications!

    Just one more question, if you don’t mind - is it valuable for Gartner if I send some data to analysts, or is it just a waste of their time?

  • 4 John Pescatore // Jun 29, 2009 at 9:44 pm

    If you send data to analysts who cover a particular area, it can be valuable – if the data is meaningful. Data that provides details on how your product works, or case study information on how it is used – valuable. Press releases about hiring a new sales person or data about how your product is better than everyone else’s or data about new “trends” that magically favor your product – not so valuable.

    You can look at http://www.gartner.com/0_admin/AnalystCoverageAreas.jsp to find which analysts have coverage of different areas.
