Cyentia Cybersecurity Research Library

Cyentia Institute

Below you will find reports with the source of “Cyentia Institute”


State of Software Security v12

This report looks at the entire history of active applications, not just the activity associated with the application over one year. By doing so, we can view the full life cycle of applications, which results in more accurate metrics and observations. Aside from looking at the past, this report also imagines the future by considering practices that might help improve application security.

Added: February 10, 2022

Prioritization to Prediction Volume 8: Measuring and Minimizing Exploitability

We do two very important and timely things in this report. We first explore ways to measure exploitability for individual vulnerabilities—and far more importantly—entire organizations. Second, we create a simulation that seeks to minimize organizational exploitability under varying scenarios combining vulnerability prioritization strategies and remediation capacity. Bottom line: If you’re looking for proven ways to squeeze the most risk reduction from your vulnerability management (VM) efforts, this report is for you.

Added: January 20, 2022

Security Outcomes Study Vol. 2

Over 5,100 IT and security professionals across 27 countries were asked about their organizations’ approaches to updating and integrating security architecture, detecting and responding to threats, and staying resilient when disaster strikes. They shared a wide range of insights, struggles, strategies, and successes. Responses were analyzed in multiple ways and key findings were extracted.

Added: December 7, 2021

Ripples Across the Risk Surface: 2021

A continued look at “ripple events” - multi-party security events - examining the size and frequency of these events, firmographics, as well as the velocity of spread of such events.

Added: September 21, 2021

The State of the State of Application Exploits in Security Incidents

A meta-analysis of industry reports on the variety and forms of application exploits used in security incidents.

Added: July 22, 2021

State of Software Security v11: Open Source Edition

Get best practices on managing your open source libraries in our State of Software Security v11: Open Source Edition report. Based on 13 million scans of more than 86,000 repositories, SOSS v11: Open Source Edition gives you a unique perspective on the open source libraries in codebases today, how organizations are managing the security of these libraries, and best practices on using open source code securely.

Added: June 22, 2021

Security Outcomes Study: Endpoint Edition

Endpoint security is the last line of defense. Now more than ever, effective endpoint protection is essential to the success of any cybersecurity program. The good news? A powerful endpoint security solution can help you avoid major incidents while setting you up for success across other business areas.

Added: May 24, 2021

Prioritization to Prediction Volume 7: Establishing Defender Advantage

Do exploit code releases help or harm defenders? We decided to put this hotly contested debate to the test. The seventh volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute attacks this debate from all angles. Poring over Kenna Security’s own threat and vulnerability intelligence, anonymized platform data, and Fortinet exploitation data, we analyzed over 6 billion vulnerabilities affecting 13 million active assets across nearly 500 organizations.

Added: May 13, 2021

Elevating Human Attack Surface Management

Every year, enterprises spend millions on security technology and training — only to be caught on the hamster wheel of responding to incidents caused by recurrent human errors. Incredibly, human error has played a role in 88% of the total losses from the largest cyber incidents of the last 5 years.

Added: May 12, 2021

From Uncertainty to Understanding

Using RiskRecon’s assessment information, explanatory models are built to demonstrate the value of technical information in predicting measures of risk at varying levels of greater technical insight.

Added: May 11, 2021

The 2021 Security Outcomes Study – Small and Midsize Business Edition

What makes for successful cybersecurity? Is there evidence that security investments result in measurable outcomes? How do we know what actually works and what doesn’t? These are the types of burning questions guiding Cisco’s 2021 Security Outcomes Study, which pulls together the experiences of over 4,800 IT, security, and privacy professionals around the world. This document is an offshoot of the larger study that focuses on small and midsize businesses (SMBs). Discover how SMBs compare to larger enterprises when it comes to security, and what key factors contributed to successful security planning in companies like yours.

Added: April 19, 2021

Internet of Tip-offs (IoT)

An analysis of the indicators that can be derived from detecting Internet of Things (IoT) devices in organizations’ public internet-facing profiles.

Added: January 26, 2021

Internet Risk Surface in the Financial Sector

A deep dive into the nature of the finance sector’s public risk surface. Reviewing subsectors of the finance ecosystem, including supply chains.

Added: December 9, 2020

The 2021 Security Outcomes Study

Based on a survey of over 4,800, this report reviews the practices that lead to positive outcomes for security programs. Linking together practices that are more (or less) successful to the characteristics of positive outcomes, this report aims to give guidance for where practitioners can focus their efforts to achieve similar outcomes.

Added: December 1, 2020

Prioritization to Prediction: Volume 6 - The Attacker-Defender Divide

This sixth volume of the Prioritization to Prediction series combines vulnerability data from Kenna’s customers with additional intelligence from Fortinet and others. This volume provides a quantitative analysis of the timeline of key dates in the lifecycle of an exploited vulnerability, exploring the effects of releasing exploit code relative to the date of CVE publication and patch availability, discussing the ramifications to attackers and defenders.

Added: November 18, 2020

IRIS 20/20 Xtreme

The IRIS 20/20 Xtreme is a follow-up to the IRIS 20/20 study earlier this year, this time focusing on the 100 largest cyber incidents of the last five years, totaling $18 billion in reported losses and 10 billion compromised records. This report breaks down the costs, categorizes incident types, identifies the actors behind these events and the actions they employed, and improves understanding of how these events impacted the organizations involved.

Added: November 10, 2020

State of Third-Party Risk Management 2020

A survey-driven report of over 150 third-party risk practitioners that seeks to understand the challenges facing their programs and the actions those professionals are taking to address them, and to identify success factors.

Added: November 5, 2020

State of Software Security: Volume 11

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. nurture (the behaviors developers take) and the relative effect each has on application security.

Added: October 27, 2020

Internet Risk Surface in the Healthcare Sector

A deep dive into the nature of the healthcare sector’s public risk surface. Reviewing subsectors of the healthcare ecosystem, including supply chains.

Added: October 15, 2020

Vulnerability Remediation Performance Snapshot for the Manufacturing Sector

An extension of the Prioritization to Prediction series, this report uses a sample of over 40 manufacturing sector firms to better understand the means and metrics of vulnerability management within the sector.

Added: September 23, 2020

Vulnerability Remediation Performance Snapshot for the Healthcare Sector

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 30 healthcare sector firms to better understand the means and metrics of vulnerability management within the sector.

Added: September 23, 2020
© Cyentia Institute 2025
Library updated: July 9, 2025 00:09 UTC (build b1d7be4)