(taken from the four stages of learning)
Stage 1. Unconscious incompetence. The market, as a whole, does not realize there is a problem to be solved. An example is Oracle vulnerability management.
Stage 2. Conscious incompetence. The market starts to realize that there is a problem that needs to be solved, but is generally unaware of how to solve it or what solutions are available. In many cases the solutions themselves are not that mature or widely adopted. An example is secure application development and the use of security scanning tools as part of the SDLC.
Stage 3. Conscious competence. The market is addressing the problem, solutions are becoming more mature, but they are not fully operationalized or commoditized. An example is network IPS.
Stage 4. Unconcious competence. Solutions are mature, operationalized, commoditized, part of doing business, require minimal management or administration once deployed. An example is firewalls.
When considering where a market is (except compliance which isn’t a market no matter how much compliance weenies and overzealous vendors jump up and down and say it is!) consider these four stages to determine the potential adoption of technology, processes, or understanding.