What makes for successful cybersecurity? Is there evidence that security investments result in measurable outcomes? How do we know what actually works and what doesn’t? (more available)

This report takes a look at the public cloud, adoption trends, security concerns, app vulnerabilities, and a variety of related issues faced with rapid cloud adoption. (more available)

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. (more available)

This report attempts to understand the theory and practice of web application security in organizations worldwide.

This report goes into the hacking industry in 2020. It talks about the impact of hackers on security, bug bounty trends, and more. (more available)

A report from aggregate telemetry on Contrast Security customers’ applications between June 2019 and May 2020. Covers application vulnerability prevalence, time to remediation, attacks, and composition, among other themes. (more available)

This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams. (more available)

The 2020 Intricately Cloud Security Market Report unpacks global cloud security trends surrounding the growth of application security.

The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape. (more available)

This report goes into the general state of cyber resilience. At a glance, Innovation investment is growing, Cybersecurity basics are better, and leading organizations are getting better at preventing and fixing breaches. (more available)

A survey of 400 public sector IT decision makers and influencers to determine challenges faced by public sector IT professionals, security threats, and cybersecurity capabilities. (more available)

This report sought to understand the health and security of Free and Open Source Software (FOSS) as it is today. It identifies the most commonly used free and open source software components in production applications, and examines them for potential vulnerabilities. (more available)

The Cloud Security Report is an annual paper published by ISC(2). It goes in depth on the changing cloud environment as companies continue to rapidly migrate workloads from data centers to the cloud. (more available)

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data. (more available)

This report from Forrester goes into the state of application security for 2020, detailing changes in the external attack methods, and changes companies should make to their application security efforts. (more available)

The annual report on the composition and findings of security testing as powered by BugCrowd’s bug bounty platform of nearly 3,500 security testers. (more available)

For the sixth annual State of Application Services survey, F5 heard from nearly 2,600 respondents globally— across a range of industries, company sizes, and roles—about the challenges and opportunities presented by the ongoing process of digital transformation. (more available)

The seventh annual survey from Sonatype covers the differences between mature and immature DevOps practices. Special focuses on developer satisfaction, security policy adherence, and security investments. (more available)

A special edition of the Veracode SOSS series, focusing on the vulnerabilities present in open source software libraries and the surrounding ecosystem. (more available)

As software proliferates and DevOps takes hold, we conducted this study to understand the impact of utilizing Pentest as a Service (PtaaS) vs. (more available)

This document institutes the third edition of the CISO Current report and contains data gathered from direct interviews surveying almost 40 cybersecurity executives at leading enterprises. (more available)