This paper is a follow-up to IOActive’s 2016 report1 on vehicle vulnerabilities. The goal of this paper is to revisit the topic using data from the past two years (2016, 2017) and to compare this information to previous findings to analyze how the industry is progressing.

This report offers insight into the impact of AI from both the attackers, and the cybersecurity warriors.

Welcome to the Monthly Threat Roundup report for November 2017. At Paladion CTAC we continuously track the emerging threats and vulnerabilities and provide you timely actionable intelligence to stay safe. We provide machine-readable intelligence in the form of IOCs, which can be directly integrated with your security devices. We also provide advisories on how you can prevent, detect and respond to latest attacker techniques. This report summarises the key findings of the stated month. It also contains insights related to threats and incidents that we have analysed.

“Our 6th annual DevSecOps community survey, represents the voice of 5,558 IT professionals and demonstrates that DevOps practices are maturing rapidly, security is being automated earlier in the development lifecycle, and management of software supply chains is a critical differentiator. "

MuleSoft commissioned independent market research company Vanson Bourne to survey 650 IT leaders from global enterprises to discover: › What is the state of today’s digital transformation initiatives? › How is the role of IT evolving in the customer-centric era? › What are the top challenges IT organizations face? › Which strategies are enterprises adopting to get ahead of the market?

Here at Cobalt, we’ve done over 350 penetration tests to date. The information included in this report (Time to Fix, Vulnerability Types, Findings Criticality, Issues Fixed) is summary data from all of the penetration tests performed in 2017. Additionally, we provide survey data (Portfolio Coverage, Pen Test Frequency) from 75 respondents in security, management, operations, DevOps, product, and developer roles. All data has been anonymized to protect the privacy of our contributors.

From the report, “Business applications are critical business resources for companies of all sizes — and they’re increasingly under attack. To gain deeper insights into the state of application security, Cybersecurity Insiders conducted an in-depth study in partnership with the 400,000 member Information Security Community on LinkedIn. This report is the result of a comprehensive survey of 437 cybersecurity professionals designed to reveal the latest application security trends, how organizations are protecting applications, and what tools and best practices IT cybersecurity teams are prioritizing to find, fix and prevent vulnerabilities in next-gen applications.”

This report is based on the results of a comprehensive online survey of 437 cybersecurity professionals conducted from June through August 2018 to gain deep insights into the latest application security threats faced by organizations and the solutions to prevent and remediate them. The respondents range from executives to managers and IT security practitioners. They represent organizations of varying sizes across many industries.

From the report, “This report compares the budgets of global security decision makers at firms spending up to 10%, 11% to 20%, and 21% to 30% of their IT budget on information security. Security leaders can use these budget ranges as a starting point to evaluate their own programs, then compare their product, service, staffing, and other allocations with those of similar firms.” Read on to find out more.

Synopsys and SAE International partnered to commission this independent survey of the current cybersecurity practices in the automotive industry to fill a gap that has existed far too long—the lack of data needed to understand the automotive industry’s cybersecurity posture and its capability to address software security risks inherent in connected, software-enabled vehicles. Ponemon Institute was selected to conduct the study. Researchers surveyed 593 professionals responsible for contributing to or assessing the security of automotive components.

This report offers the following taglines - IoT device breaches undetectable by nearly half of companies, and use of blockchain technology to help secure IoT data, devices and services doubles in a year.

In this report, you’ll learn how many DevOps servers may be exposed based on a study done by the IntSights research team, how cyber criminals typically access open DevOps servers, and what you can do to protect yourself and your data from a DevOps cyber attack.

This survey, the sixth in a series of annual studies by SANS on security practices in software development, is the first to explicitly focus on DevOps. The results of this study show that organizations are finding ways to keep up with rapid change through DevOp but they have a number of challenges they still need to deal with.

In this new research report, Farsight Security set out to determine the prevalence and distribution of IDN homographs across the Internet. We examined 100M IDN resolutions over a 12-month period with a focus on over 450 top global brands across 11 sectors including finance, retail, and technology.

This report offers insight into the DevSecOps Community.

This survey, representing the voice of 2,076 IT professionals, demonstrates that DevSecOps practices continue to mature rapidly and that, once automated, security is difficult to ignore.

This is the first in a series of books tracking changes and discoveries within the DevSecOps Community. The stories are by people who have been sloshing around in the swamps of software development for years, figuring out how things work, and most importantly, why things didn’t work.

Sonatype’s 4th annual report on managing open source components to accelerate innovation.

This 2017 report has similarities to previous years, but there are three differences worth noting. First, the analysis in this year’s report extends beyond Java and includes supply chain findings for JavaScript, NuGet, Python, and Docker. Second, this year’s paper includes a stronger emphasis on the emergence of DevOps and reflects on the evolution of modern IT organizations as they seek to transform from waterfall-native to DevOps-native software development. Lastly, this year’s research delves deeper into the rapidly evolving role of regulation, legislation, and litigation with respect to open source governance and software supply chain management.

This e-book offers insight into the entire subject of Cloud Security.

This paper provides a checklist to address CIS Critical Security Controls.