Adequate vulnerability research can prevent network security breaches resulting in a loss of billions of dollars. This has given rise to vulnerability research markets.
New analysis from Frost & Sullivan, 2006 World Vulnerability Research Markets, finds that while the well-known security research labs contribute the majority of vulnerabilities, 31% of vulnerabilities still come from vendors and other organisations.
"The market for vulnerability research witnessed robust growth in 2006 with vulnerability contribution programs contributing significantly to the discovery and disclosure of vulnerabilities," notes Frost & Sullivan Industry Manager Robert Ayoub.
The market for vulnerability research is growing at a steady pace. However, misconceptions are keeping this market from reaching its maximum growth potential.
"Some speculate that companies offering a proactive, competitive, responsible disclosure program have not only gained a competitive edge, but are also acting in a socially responsible manner," says Ayoub. "However, misconceptions say that individuals are responsible for most of the disclosures and that vulnerability contribution programs promote hacking."
Regardless, these companies are reshaping the vulnerability research market, being credited with more discoveries than traditional research laboratories.
Also, attackers are now exploiting medium-severity vulnerabilities in third-party applications, such as Web applications and Web browsers, instead of exploiting high-severity vulnerabilities in direct attacks. Hence, assuming that only high-severity threats are important can impede market growth.