This document institutes the third edition of the CISO Current report and contains data gathered from direct interviews surveying almost 40 cybersecurity executives at leading enterprises.

CyberEdge’s annual Cyberthreat Defense Report (CDR) plays a unique role in the IT security industry. Other surveys do a great job of collecting statistics on cyberattacks and data breaches and exploring the techniques of cybercriminals and other bad actors. Our mission is the provide deep insight into the minds of IT security professionals.

A survey-based review of how and why organizations are adopting cloud technologies, specifically from a business growth perspective. Makes some specific recommendations and has discussion on CASB solutions.

Veracode commissioned this survey from 451 Research to understand how widely accepted andpracticed coordinated disclosure – whereby a security researcher identifies a flaw and notifiesthe company, then the two work together to fix and publicly disclose the flaw – really is andwhere the pain points reside. In addition, we wanted to explore the means organizations haveestablished to receive vulnerability reports, and the attitudes toward a coordinated disclosurepolicy on both sides of the organization and among external security researchers. We also soughta deeper understanding of the motivations of security researchers, actions when a vulnerabilityis identified, timing for disclosure, desired outcomes, how organizations structure disclosurepolicies, and the effectiveness of bug bounties.

This report covers: the security practices for each of the two different core projects, both Angular and React, the state of security of each of the two different module ecosystems, based on an in-depth look at the vulnerabilities contained in each of the ecosystems, the security practices for other common JavaScript frontend framework alternatives such as Vue.js, Bootstrap and jQuery, and the significant security differences between the different alternatives, and particularly between Angular and React

This report from Outsystems is based off of a survey of over 3,300 companies. It had 5 key things they looked into: How organizations’ app dev practices adapt to meet digital transformation and agility objectives, challenges in meeting application development goals, strategies IT teams use to speed up application delivery, and if these strategies are working to overcome resource constraints and reduce backlogs.

This report outlines the state of open source security, including open source adoption, known vulnerabilities, and vulnerability identification.

This report goes in-depth into trends in healthcare data security, surveying 26,000 companies and analyzing terabytes of information.

Each year, industry leaders from around the world submit an application to be a speaker at RSA Conference. This year, we received 2,400 responses to our 2020 Call for Speakers. By sifting through all the entries, we were able to identify 10 trends that weaved their way through many of the submissions. Examining these trends provides a glimpse of what will be on the minds of cybersecurity professionals in 2020,

A report by DZone showing trends in the changing AppSec industry.

This report goes in depth on the state of software security, going into overall security, application security testing, how flaws are and are not equal, and security debt.

This report explores the results of the 2019 (ISC)² Cybersecurity Workforce Study, providing details on the cybersecurity workforce and gap estimates, taking a closer look at cybersecurity professionals and their teams, reviewing key steps on the cybersecurity career path, and discussing insights into immediate and longer-term methods for building qualified and resilient cybersecurity teams now and in the future.

This white paper describes the critical role of pen testing for web applications. It explores the economics of “classic” pen testing and considers a variety of unseen costs and points of diminishing value. The paper concludes by describing a next-generation hybrid applicationsecurity-testing-as-a-service and how it can help bring the flexibility in applying both automated app testing tools (DAST) and the human expertise of ethical hackers (pen testing) to this challenge.

From the report, “It is clear that there is no shortage of vulnerabilities to find. In the last year, Bugcrowd saw a 92% increase in total vulnerabilities reported over the previous year. The average payout per vulnerability increased this year by a whopping 83%, with average payouts for critical vulnerabilities reaching $2,669.92 — a 27% increase over last year.”

This report focuses specifically on data threats in the healthcare industry.

This report is essential reading for executives, security practitioners and development teams who want to better understand the present state of software security risk, and who seek to benchmark and improve their own organization’s performance.

From the report, “For our 4th Year running, welcome to the edgescan Vulnerability Stats Report. This report aims to demonstrate the state of full stack security based on edgescan data for 2018. The edgescan report has become a reliable source for truly representing the global state of cyber security. This year we took a deeper look at vulnerability metrics from a known vulnerability (CVE) and visibility standpoint. We still see high rates of known/patchable vulnerabilities which have working exploits in the wild, which possibly demonstrates it is hard to patch production systems effectively on a consistent basis.”

This report offers an inside look at hackers. It provides a glimpse into the BugCrowd community, identifies 5 distinct types of bug hunters and their motivations, Explores program variables that can motivate and encourage different types of bug hunters and the community as a whole.

The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity program. Crowdsourced cybersecurity includes services such as bug bounty programs, vulnerability disclosure, and next-generation penetration testing (NGPT). This report explores several key findings based on research conducted by ESG.

This report is the result of a comprehensive survey of 437 cybersecurity professionals designed to reveal the latest application security trends, how organizations are protecting applications, and what tools and best practices IT cybersecurity teams are prioritizing to find, fix and prevent vulnerabilities in next-gen applications.

From the report, “Robotic telepresence is a next-generation technology that allows a person in one location to replicate himself in another. The remote person can see you, hear you, interact with you, and move all around your location. But wait a second! What if the person behind the robot is not who you think he is? What if the robot gets compromised, and now the attacker is watching you and your surroundings? In this whitepaper, all the findings learned while security testing a telepresence robot are presented, as well as the countermeasures implemented by the vendor.”