Ivan Ristic has posted his thoughts on the web application firewall market. While Ivan works for a vendor he has been working on mod_security for years and is extremely knowledgeable on the subject. I also interviewed Ivan back in 2006.
"There is a long-running tradition in the web application firewall space; every year we say: "This year is going to be the one when web application firewalls take off!" So far, every year turned out to be a bit of a disappointment in this respect. This year feels different, and I am not saying this because it's a tradition to do so. Recent months have seen a steady and significant rise in the interest in and the recognition of web application firewalls. But why is it taking so long?
Having been involved with the industry for many years, I come up with many valid theories to explain the apparent slow adoption of web application firewalls. Here are some of them: "
Article Link: http://blog.ivanristic.com/2008/01/tide-is-turning.html