The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape. (more available)

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data. (more available)

The third annual report from Hacker One on the state of the hacker/security testing community. Data is drawn from Hacker One’s community of bug bounty registrants and subscribing platforms. (more available)

The findings in this report are a comprehensive look at ICS vulnerability statistics, including how they affect industrial control networks and whether appropriate mitigation is provided alongside the published advisories. (more available)

This report offers advice for what to do when the barbarians are at your door…

From the report, “On November 26th, Slovakian Anonymous leader ‘Abaddon’ posted in the deep web message board ‘Hidden Answers’, looking to recruit accomplices for an operation targeting NATO and EU websites. (more available)

Contributors to this paper include security professionals, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group. (more available)

This report provides helpful information on XSS.

This is a threat advisory for Ticketac Mobile Apps

This report takes a look at the harmful practice of web scraping.

This monthly report details Application Security obvservations from March 2018.

What’s not open to discussion is that the role of information security executives has evolved. CISOs may now find themselves talking to investors about how an attack impacted quarterly earnings in addition to more traditional duties like managing a SOC. (more available)

This document presents the definition, category, means, and examples of the underground network industry, as well as protection measures.

This report is based on a study done in 2017 to analyze security issues in CakePHP.

This annual report takes a look at the bug bounty industry in 2018.

This paper investigates many observable characteristics of web-servers that may affect the likelihood of compromise.