The information included in this report is summary data from the pentesting performed in 2018. Additionally, we provide survey data from respondents in security, management, operations, DevOps, product, and developer roles. (more available)

The State of Pentesting: 2020 report assesses which web application security vulnerabilities can be found reliably using machines and which require human expertise to manually identify. (more available)

The State of Pentesting 2022 Report focuses on issues and stats that are relevant to both security and development teams: to separate these two inextricably linked groups would only yield a partial picture of the security landscape. (more available)

The Secureworks Counter Threat Unit (CTU) research team analyzes security threats and helps organizations protect their systems. During November and December 2020, CTU researchers observed notable developments in threat behaviors, the global threat landscape, and security trends, and identified lessons to consider. (more available)

This report looks at the entire history of active applications, not just the activity associated with the application over one year. (more available)

Palo Alto Networks surveyed 3,000 cloud security and DevOps professionals from around the world to gain insight into organizations’ cloud adoption strategies, budgets, experiences, and future plans. (more available)

An annual state of the market report, which explores the views of a snapshot cohort of 55 security leaders on key themes, including; the skills shortage, barriers to strategy execution, the business perception of cyber security, and more. (more available)

This annual report covers data from 1,602 penetration tests conducted in 2020 as well as survey information from 601 firms in the pursuit of understanding secure development, vulnerability remediation, and opportunities for process improvements. (more available)

A meta-analysis of industry reports on the variety and forms of application exploits used in security incidents.

Get best practices on managing your open source libraries in our State of Software Security v11: Open Source Edition report. Based on 13 million scans of more than 86,000 repositories, SOSS v11: Open Source Edition gives you a unique perspective on the open source libraries in codebases today, how organizations are managing the security of these libraries, and best practices on using open source code securely. (more available)

What makes for successful cybersecurity? Is there evidence that security investments result in measurable outcomes? How do we know what actually works and what doesn’t? (more available)

This report takes a look at the public cloud, adoption trends, security concerns, app vulnerabilities, and a variety of related issues faced with rapid cloud adoption. (more available)

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. (more available)

This report attempts to understand the theory and practice of web application security in organizations worldwide.

This report goes into the hacking industry in 2020. It talks about the impact of hackers on security, bug bounty trends, and more. (more available)

A report from aggregate telemetry on Contrast Security customers' applications between June 2019 and May 2020. Covers application vulnerability prevalence, time to remediation, attacks, and composition, among other themes. (more available)

This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams. (more available)

The 2020 Intricately Cloud Security Market Report unpacks global cloud security trends surrounding the growth of application security.

The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape. (more available)

This report goes into the general state of cyber resilience. At a glance, Innovation investment is growing, Cybersecurity basics are better, and leading organizations are getting better at preventing and fixing breaches. (more available)

A survey of 400 public sector IT decision makers and influencers to determine challenges faced by public sector IT professionals, security threats, and cybersecurity capabilities. (more available)