The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. nurture (the behaviors developers take) and the relative effect each has on application security.

This edition of the State of the Internet (SOTI)/Security report series focuses on the retail and hospitality sectors. An extensive review of how credential abuse attacks are carried out from both a methodology perspective and a volumetric angle is given.

This whitepaper explains a new vulnerability in Windows Server that is highly exploitable.

This article offers a glimpse into the inner workings of the Interplanetary Storm botnet, provides an exhaustive technical analysis of the Golang-written binaries along with an overview of the protocol internals and finally, some attribution information.

This report discusses the perceptions uncovered by the study and provides conclusions that hiring organizations should consider as they work to locate and recruit additional staff to their cybersecurity teams.

A report from aggregate telemetry on Contrast Security customers’ applications between June 2019 and May 2020. Covers application vulnerability prevalence, time to remediation, attacks, and composition, among other themes.

Using RiskRecon’s telemetry of the public risk surface of thousands of organizations, this report takes a look at services which are commonly viewed as unsafe. The prevalence and co-occurrence of these services is used as a indicator of other hygiene and risk indicators at firms.

This report covers findings from a survey conducted by Dimensional Research in July 2020. A total of 310 qualified individuals completed the survey.

This mid year report covers publicly disclosed data breaches first reported between January 1, 2020 and June 30, 2020 and compares current observations to the same time period for prior years.

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data.

A year in review report drawing on the events observed by AppRiver Security analysts and the telemetry from the AppRiver security platforms. Includes predictions for 2020.

The fifth edition of Edgescan’s vulnerability statistics report. Uses both scan data and survey data to report on vulnerability management, with a special focus on web application vulnerabilities.

RiskIQ scans mobile application stores and analyzes the apps presented for potential malware and other threats. This annual threat report covers the security posture of the mobile ecosystem, identifying threat actions, and making time comparisons.

Using breach data from Advisen, this report defines ripple effects of breaches as the impacts on companies more than one degree of separation from the company directly affected by the breach. As vendor relationships are both broad and deep, a breach in any one company in a network can have distant effects on companies not directly related. The implications upon third party risk management are explored.

The inaugural threat report from the AWS Shield managed security service. Primarily covers volumetric statistics seen on the AWS Shield platform.

Review of DNS traffic trends during the 2020 COVID-19 pandemic as an indicator of enterprise activity and possible DDOS events.

Insider threat continues to be a problem for organizations, regardless of size or industry. Companies are trying to mitigate this risk by continuously investing in tools, people, and processes. The Securonix Threat Research Team has analyzed hundreds of incidents across several industry verticals in order to understand the various behavior patterns that impose risk to organizations. In this report we take a closer look at such behaviors by examining reallife incidents across number of dimensions such as motive and type of risks against industry verticals.

A special edition of the Veracode SOSS series, focusing on the vulnerabilities present in open source software libraries and the surrounding ecosystem.

The 2020 Trustwave Global Security Report is an annual review of the phenomena, trends and statistics affecting computer security and worldwide safety, as observed by Trustwave systems and security analysts throughout 2019. As we enter a new deacade, we take a fresh look at the changing face of the compromise, from the ways in which increasingly sophisticated threat actors adapted in recent years to improvements in threat detection and response and how people in white hats responded.

This report is based off the findings of a deep analysis of vulnerabilities in BAS. The results are grouped into four areas then published. The four areas are: Analysis of the security Landscape, Discovery and responsible disclosure of previously unknown vulnerabilities, Deployment of a proof of concept malware, and Discussion on how network monitoring tools can help protect.

Our 2019 Threat Research Report is a deep dive into our logs, experiences, and collected analysis. It summarizes and identifies the latest tactics, techniques, and procedures seen by the Malware Research team, Vulnerability Research team, Threat Intel Research team and Remediation Groups at Sucuri/GoDaddy.