For this survey, we surveyed 426 security professionals directly responsible for managing cyber vulnerabilities in their day-to-day work. The survey was conducted online via Pollfish using organic sampling. (more available)

This report covers vulnerabilities disclosed this year. It aims to help the reader navigate the current vulnerability landscape. It provides valuable insight into vulnerability trends and how they are impacting organizations. (more available)

This report goes into the hacking industry in 2020. It talks about the impact of hackers on security, bug bounty trends, and more. (more available)

This report highlights research into cyber-attack trends in the smart mobility ecosystem.

The third annual report from Hacker One on the state of the hacker/security testing community. Data is drawn from Hacker One’s community of bug bounty registrants and subscribing platforms. (more available)

The fourth annual report from Hacker One on the state of the open security testing community, using data from Hacker One’s bug bounty program. (more available)

As software proliferates and DevOps takes hold, we conducted this study to understand the impact of utilizing Pentest as a Service (PtaaS) vs. (more available)

The findings in this report are a comprehensive look at ICS vulnerability statistics, including how they affect industrial control networks and whether appropriate mitigation is provided alongside the published advisories. (more available)

Veracode commissioned this survey from 451 Research to understand how widely accepted andpracticed coordinated disclosure – whereby a security researcher identifies a flaw and notifiesthe company, then the two work together to fix and publicly disclose the flaw – really is andwhere the pain points reside. (more available)

this report t explores the vulnerability-to-exploit (V2E) cybercrime and cybersecurity supply chain, outlines the players in the different market segments and provides insights into the related economic drivers. (more available)

From the report, “It is clear that there is no shortage of vulnerabilities to find. In the last year, Bugcrowd saw a 92% increase in total vulnerabilities reported over the previous year. (more available)

This report offers an inside look at hackers. It provides a glimpse into the BugCrowd community, identifies 5 distinct types of bug hunters and their motivations, Explores program variables that can motivate and encourage different types of bug hunters and the community as a whole. (more available)

The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity program. (more available)

This report takes you inside the mind of a hacker.

This report answers some questions about Bug Bounty organizations.

Beginning with the Strava cyber incident, this paper seeks to provide insight into how personal device data can cause a crisis with company data. (more available)

This is a transcript of a February 2018 US Senate meeting that discussed Data Security and the hacking community.

This report is a kind of dossier on the hacker community. It lets you in to their world, to know their mindset, and thoughts on the bug bounty community. (more available)

As we approach critical mass of hacker-powered security, read on to learn more about best practices of starting and running effective disclosure and bug bounty programs, and get to know some of the stories and stats about the hackers themselves. (more available)

From the report, “In this report we provide a broad view of the 2015 threat landscape, ranging from industry-wide data to a focused look at different technologies, including open source, mobile, and the Internet of Things. (more available)

This report examines the broadest platform data set available and explains why organizations like General Motors, Starbucks, Uber, the U.S. Department of Defense, Lufthansa, and Nintendo have embraced continuous, hacker-powered security. (more available)