A survey of recent breaches occurring over the past year as identified and classified via AuditAnalytic’s commercial database of breach information. (more available)

A continued look at “ripple events” - multi-party security events - examining the size and frequency of these events, firmographics, as well as the velocity of spread of such events. (more available)

This annual report covers data from 1,602 penetration tests conducted in 2020 as well as survey information from 601 firms in the pursuit of understanding secure development, vulnerability remediation, and opportunities for process improvements. (more available)

Get best practices on managing your open source libraries in our State of Software Security v11: Open Source Edition report. Based on 13 million scans of more than 86,000 repositories, SOSS v11: Open Source Edition gives you a unique perspective on the open source libraries in codebases today, how organizations are managing the security of these libraries, and best practices on using open source code securely. (more available)

This report looks at data breach events in 2020. It then compares key aspects and trends of these breaches to data breaches in previous years. (more available)

This report covers vulnerabilities disclosed this year. It aims to help the reader navigate the current vulnerability landscape. It provides valuable insight into vulnerability trends and how they are impacting organizations. (more available)

A review of the threat volume and characteristics affecting e-commerce.

This report examines publicly disclosed data breach events, and describes trends and key changes for Q3 2020.

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. (more available)

This edition of the State of the Internet (SOTI)/Security report series focuses on the retail and hospitality sectors. An extensive review of how credential abuse attacks are carried out from both a methodology perspective and a volumetric angle is given. (more available)

This whitepaper explains a new vulnerability in Windows Server that is highly exploitable.

This article offers a glimpse into the inner workings of the Interplanetary Storm botnet, provides an exhaustive technical analysis of the Golang-written binaries along with an overview of the protocol internals and finally, some attribution information. (more available)

This report discusses the perceptions uncovered by the study and provides conclusions that hiring organizations should consider as they work to locate and recruit additional staff to their cybersecurity teams. (more available)

A report from aggregate telemetry on Contrast Security customers' applications between June 2019 and May 2020. Covers application vulnerability prevalence, time to remediation, attacks, and composition, among other themes. (more available)

Using RiskRecon’s telemetry of the public risk surface of thousands of organizations, this report takes a look at services which are commonly viewed as unsafe. (more available)

This report covers findings from a survey conducted by Dimensional Research in July 2020. A total of 310 qualified individuals completed the survey. (more available)

This mid year report covers publicly disclosed data breaches first reported between January 1, 2020 and June 30, 2020 and compares current observations to the same time period for prior years. (more available)

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data. (more available)

A year in review report drawing on the events observed by AppRiver Security analysts and the telemetry from the AppRiver security platforms. (more available)

The fifth edition of Edgescan’s vulnerability statistics report. Uses both scan data and survey data to report on vulnerability management, with a special focus on web application vulnerabilities. (more available)

RiskIQ scans mobile application stores and analyzes the apps presented for potential malware and other threats. This annual threat report covers the security posture of the mobile ecosystem, identifying threat actions, and making time comparisons. (more available)