This annual report covers data from 1,602 penetration tests conducted in 2020 as well as survey information from 601 firms in the pursuit of understanding secure development, vulnerability remediation, and opportunities for process improvements. (more available)

A meta-analysis of industry reports on the variety and forms of application exploits used in security incidents.

Get best practices on managing your open source libraries in our State of Software Security v11: Open Source Edition report. Based on 13 million scans of more than 86,000 repositories, SOSS v11: Open Source Edition gives you a unique perspective on the open source libraries in codebases today, how organizations are managing the security of these libraries, and best practices on using open source code securely. (more available)

What makes for successful cybersecurity? Is there evidence that security investments result in measurable outcomes? How do we know what actually works and what doesn’t? (more available)

This report takes a look at the public cloud, adoption trends, security concerns, app vulnerabilities, and a variety of related issues faced with rapid cloud adoption. (more available)

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. (more available)

This report attempts to understand the theory and practice of web application security in organizations worldwide.

This report goes into the hacking industry in 2020. It talks about the impact of hackers on security, bug bounty trends, and more. (more available)

A report from aggregate telemetry on Contrast Security customers' applications between June 2019 and May 2020. Covers application vulnerability prevalence, time to remediation, attacks, and composition, among other themes. (more available)

This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams. (more available)

The 2020 Intricately Cloud Security Market Report unpacks global cloud security trends surrounding the growth of application security.

The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape. (more available)

This report goes into the general state of cyber resilience. At a glance, Innovation investment is growing, Cybersecurity basics are better, and leading organizations are getting better at preventing and fixing breaches. (more available)

A survey of 400 public sector IT decision makers and influencers to determine challenges faced by public sector IT professionals, security threats, and cybersecurity capabilities. (more available)

This report sought to understand the health and security of Free and Open Source Software (FOSS) as it is today. It identifies the most commonly used free and open source software components in production applications, and examines them for potential vulnerabilities. (more available)

The Cloud Security Report is an annual paper published by ISC(2). It goes in depth on the changing cloud environment as companies continue to rapidly migrate workloads from data centers to the cloud. (more available)

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data. (more available)

This report from Forrester goes into the state of application security for 2020, detailing changes in the external attack methods, and changes companies should make to their application security efforts. (more available)

The annual report on the composition and findings of security testing as powered by BugCrowd’s bug bounty platform of nearly 3,500 security testers. (more available)

For the sixth annual State of Application Services survey, F5 heard from nearly 2,600 respondents globally— across a range of industries, company sizes, and roles—about the challenges and opportunities presented by the ongoing process of digital transformation. (more available)

The seventh annual survey from Sonatype covers the differences between mature and immature DevOps practices. Special focuses on developer satisfaction, security policy adherence, and security investments. (more available)