Cyentia Cybersecurity Research Library

Cyentia Institute

Below you will find reports with the source of “Cyentia Institute”

Vulnerability Remediation Performance Snapshot for the Finance Sector

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 100 finance sector firms to better understand the means and metrics of vulnerability management within the sector.

Added: September 23, 2020

Vulnerability Remediation Performance Snapshot for the Technology Sector

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 70 technology services to better understand the means and metrics of vulnerability management within the sector.

Added: September 23, 2020

Third-Party Security Signals: Exposing the reality of unsafe network services

Using RiskRecon’s telemetry of the public risk surface of thousands of organizations, this report takes a look at services which are commonly viewed as unsafe. The prevalence and co-occurrence of these services are used as an indicator of other hygiene and risk indicators at firms.

Added: September 2, 2020

Weaving a Safer Web: The State and Significance of TLS 1.2 Support

A deep dive into the state of deploying the latest TLS version (v1.2) and the use of this signal for correlating with broader public-facing risk surfaces and characteristics of firms.

Added: July 6, 2020

Information Risk Insights Study (IRIS) 20/20

Using breach information from Advisen, this report seeks to fill gaps in the loss frequency and impact side of quantitative risk analysis. Using real-world reported data on publicly discoverable breaches, it debunks commonly held myths about cost-per-record estimates and gives hard statistics to replace the incorrect estimates.

Added: June 10, 2020

Ripples Across the Risk Surface

Using breach data from Advisen, this report defines ripple effects of breaches as the impacts on companies more than one degree of separation from the company directly affected by the breach. As vendor relationships are both broad and deep, a breach in any one company in a network can have distant effects on companies not directly related. The implications upon third party risk management are explored.

Added: June 10, 2020

2019 Application Protection Report, 2nd Edition: The Virtue of Visibility

The second annual application protection report (APR) from F5 Labs combines data from F5’s global customer base with network telemetry from Baffin Bay to catalog and analyze the major threats facing application security practitioners. Includes recommendations for appsec professionals.

Added: June 3, 2020

State of Software Security: Open Source Edition

A special edition of the Veracode SOSS series, focusing on the vulnerabilities present in open source software libraries and the surrounding ecosystem.

Added: May 19, 2020

Prioritization to Prediction: Volume 5

P2P Volume 5 focuses on the differences between asset types (OS) and how vulnerabilities are treated on different platforms.

Added: April 21, 2020

Road to Security Operations Maturity

A survey of over 250 security professionals on security operations center (SOC) practices and how those practices relate to outcomes.

Added: November 25, 2019

Internet Risk Surface Report

This report goes in depth into the state of Internet security, including how companies are storing data, organizations’ internet surface areas, and where exposures exist the most.

Added: October 1, 2019

Cloud Risk Surface Report

This publication looks into the safety of cloud and on-prem environments.

Added: October 1, 2019

Prioritization To Prediction Volume 4: Measuring What Matters in Remediation

This research was commissioned by Kenna Security. Kenna collected and provided the remediation dataset to the Cyentia Institute for independent analysis and drafting of this report.

Added: September 18, 2019

Striking Security Gold: Uncovering Hidden Insights in a decade's worth of RSA Conference abstracts

From the report, “But what exactly do we talk about when we talk “security?” That’s the question we seek to answer in this report, which has its roots in a similar question asked by an eight-year-old daughter two and a half years ago: “What’s the RSA Conference about, Daddy?” That root sprouted into a four-part blog series and a panel discussion a year later where we analyzed 25 years of session titles in honor of the 25th anniversary of RSA Conference.”

Added: March 16, 2019

Prioritization To Prediction: Volume 3: Winning the Remediation Race

From the report, “The Prioritization to Prediction series is an ongoing research initiative between Kenna Security and the Cyentia Institute. The first volume proposed a model for predicting which of the numerous hardware and software vulnerabilities published each month were most likely to be exploited, and thus deserving of priority remediation. The second volume sought to apply and test that theoretical model using empirical data collected on billions of observed vulnerabilities. We ended the last report by analyzing vulnerability remediation timeframes across a sample of 12 firms. This third volume picks up where we left off and expands the analysis to roughly 300 organizations of different types and sizes. We leverage a technique called survival analysis to draw out important lessons about remediation velocity and capacity, concepts we explore and define during the course of this report. Overall, our goal is to understand what it means to survive—nay thrive—in the race of vulnerability remediation.” Read on to find out more.

Added: March 16, 2019

Prioritization to Prediction: Volume 2: Getting Real About Remediation

From the report, ““Realized coverage & efficiency vary greatly among firms—over 50% between top and bottom performers—indicating different remediation strategies lead to very different outcomes.” Where is your strategy leading?” Read on to find out more.

Added: March 16, 2019

Declassified: Unraveling The Cyber Skills Gap & Talent Shortage

This report shares findings from a survey conducted of more than 3,100 IT, security and other non-technical professionals. It explores their learning habits, levels of personal and organizational preparedness, and factors that improve their confidence and defensive capabilities. If the key findings below resonate with challenges facing your organization, then you will definitely want to add this to the top of your reading list.

Added: March 16, 2019

State Of Software Security Volume 9

“For a long time now, SOSS has provided a reliable yardstick for the most common vulnerabilities found in software, as well as how organizations are measuring up to security industry benchmarks throughout the software development lifecycle (SDLC). One thing we’ve always wanted to understand better, though, is how quickly these organizations are actually fixing flaws once they’ve been identified in application security scans. This year, we turned our data analysis up a notch by working with the data scientists at Cyentia Institute, so that we could gain better visibility into the factors that go into fixing flaws. Readers will find valuable insight on how factors like flaw severity, business criticality of applications, and exploitability of the flaws change the rate at which certain vulnerabilities are fixed.”

Added: November 4, 2018

Cyber Balance Sheet: 2018 Report

“In last year’s report, we sought to break down walls of misunderstanding between cybersecurity leaders and corporate directors. We continue chipping away at those walls this year, but expand the scope of our research to include a broader set of stakeholders and topics relevant to our increasingly important goal.”

Added: November 4, 2018

Prioritization To Prediction

This paper begins with a review of data sources available for building or improving decision models for vulnerability remediation. It then discusses the vulnerability lifecycle and examines timelines and triggers surrounding key milestones. Identifying attributes of vulnerabilities that correlate with exploitation comes next on the docket. The last section measures the outcomes of several remediation strategies and develops a model that optimizes overall effectiveness.

Added: October 24, 2018

Cyber Balance Sheet 2017 Report

This study prepared by the Cyentia Institute breaks down walls between cybersecurity leaders and Boards of Directors. Data is often said to be the lifeblood of the company; yet, there is immense frustration at how risks to that information are measured, mitigated, and communicated across the enterprise. As the financial, regulatory, and legal stakes of data breaches and disruptions rise, leaders at all levels must come together to protect and further the business.

Added: October 21, 2018
© Cyentia Institute 2025
Library updated: July 11, 2025 00:08 UTC (build b1d7be4)