Get best practices on managing your open source libraries in our State of Software Security v11: Open Source Edition report. Based on 13 million scans of more than 86,000 repositories, SOSS v11: Open Source Edition gives you a unique perspective on the open source libraries in codebases today, how organizations are managing the security of these libraries, and best practices on using open source code securely.

What makes for successful cybersecurity? Is there evidence that security investments result in measurable outcomes? How do we know what actually works and what doesn’t? These are the types of burning questions guiding Cisco’s 2021 Security Outcomes Study, which pulls together the experiences of over 4,800 IT, security, and privacy professionals around the world. This document is an offshoot of the larger study that focuses on small and midsize businesses (SMBs). Discover how SMBs compare to larger enterprises when it comes to security, and what key factors contributed to successful security planning in companies like yours.

This report takes a look at the public cloud, adoption trends, security concerns, app vulnerabilities, and a variety of related issues faced with rapid cloud adoption.

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. nurture (the behaviors developers take) and the relative effect each has on application security.

This report attempts to understand the theory and practice of web application security in organizations worldwide.

This report goes into the hacking industry in 2020. It talks about the impact of hackers on security, bug bounty trends, and more.

A report from aggregate telemetry on Contrast Security customers’ applications between June 2019 and May 2020. Covers application vulnerability prevalence, time to remediation, attacks, and composition, among other themes.

This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams.

The 2020 Intricately Cloud Security Market Report unpacks global cloud security trends surrounding the growth of application security.

The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape.

This report goes into the general state of cyber resilience. At a glance, Innovation investment is growing, Cybersecurity basics are better, and leading organizations are getting better at preventing and fixing breaches.

A survey of 400 public sector IT decision makers and influencers to determine challenges faced by public sector IT professionals, security threats, and cybersecurity capabilities.

This report sought to understand the health and security of Free and Open Source Software (FOSS) as it is today. It identifies the most commonly used free and open source software components in production applications, and examines them for potential vulnerabilities.

The Cloud Security Report is an annual paper published by ISC(2). It goes in depth on the changing cloud environment as companies continue to rapidly migrate workloads from data centers to the cloud.

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data.

This report from Forrester goes into the state of application security for 2020, detailing changes in the external attack methods, and changes companies should make to their application security efforts.

The annual report on the composition and findings of security testing as powered by BugCrowd’s bug bounty platform of nearly 3,500 security testers.

For the sixth annual State of Application Services survey, F5 heard from nearly 2,600 respondents globally— across a range of industries, company sizes, and roles—about the challenges and opportunities presented by the ongoing process of digital transformation. Their responses provide a unique view of the trends shaping the application landscape and how organizations around the world are transforming to meet the ever-changing demands of the digital economy.

The seventh annual survey from Sonatype covers the differences between mature and immature DevOps practices. Special focuses on developer satisfaction, security policy adherence, and security investments. Over 5,000 respondents in this year’s survey.

A special edition of the Veracode SOSS series, focusing on the vulnerabilities present in open source software libraries and the surrounding ecosystem.

As software proliferates and DevOps takes hold, we conducted this study to understand the impact of utilizing Pentest as a Service (PtaaS) vs. traditional pentesting services. Within the backdrop of modern software development practices and rising appsec priorities, our study found that DevOps is a driving force for pushing pentest into the cloud and deploying Pentest as a Service. Furthermore, DevOps demands that appsec measures are delivered in a fashion that favors communication, transparency, and collaboration- PtaaS is exactly the evolution that addresses those aspects.