The goal of this report is to offer a view on the state of compliance in today’s typical organization, including: the rate of noncompliance among a typical organization’s assets, the compliance standards that are hardest for organizations to adhere to, how well compliance tracks against the overall risk surface and the most common security controls causing non-compliance. (more available)

In 2021, the industry saw a transition into threat actor separation of duties, with an increase in groups focused on obtaining and selling access to victims (Initial Access Brokers). (more available)

The goal of this survey was to understand the current state of SaaS security and misconfigurations. The survey was conducted online by CSA from January to February 2022 and received 340 responses from IT and security professionals from various organization sizes and locations. (more available)

This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams. (more available)

This report covers findings from a survey conducted by Dimensional Research in July 2020. A total of 310 qualified individuals completed the survey. (more available)

A survey of 400 public sector IT decision makers and influencers to determine challenges faced by public sector IT professionals, security threats, and cybersecurity capabilities. (more available)

The 2020 edition of this annual survey based report on cloud adoption, migration, and security trends. Drawn from a pool of 750 global respondents with roles in evaluatng, purchasing, and managing cybersecurity products and with a high level of familiarity of their organizaiton’s public cloud use. (more available)

This is the fifth annual report from the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board. HCSEC is a facility in Banbury, Oxfordshire, belonging to Huawei Technologies (UK) Co Ltd (Huawei UK), whose parent company, Huawei Technologies Co Ltd, is a Chinese headquartered company which is now one of the world’s largest telecommunications providers. (more available)

From the report, “The Prioritization to Prediction series is an ongoing research initiative between Kenna Security and the Cyentia Institute. The first volume proposed a model for predicting which of the numerous hardware and software vulnerabilities published each month were most likely to be exploited, and thus deserving of priority remediation. (more available)

MuleSoft commissioned independent market research company Vanson Bourne to survey 650 IT leaders from global enterprises to discover: › What is the state of today’s digital transformation initiatives? (more available)

From the report, “This technical whitepaper presents and discusses the concept of “Connectivity as Code”, a complementary concept to “Infrastructure as Code” (IaC), and we will explain how it can be incorporated into the DevOps lifecycle for a more agile application delivery. (more available)

From the report, “For the past six years, Puppet has produced the annual State of DevOps Report1 and collected more than 27,000 responses from technical professionals around the world, making it the longest-running and most comprehensive study on the topic of DevOps today. (more available)

From the report, “The Puppet 2018 State of DevOps Report took a new tack this year, seeking prescriptive guidance for teams to follow. (more available)

From the report, “This year we designed our DevOps survey to reveal what successful organizations actually do as they progress on their DevOps journeys. (more available)

From the report, “IT security leaders know their companies’ endpoints, PCs, and servers are continuously targeted by hackers. They also agree following best practices in endpoint security hygiene is instrumental in reducing cyber incidents. (more available)

This paper seeks to provide a new approach to cyber security that enables IT operations and incident response teams to move faster and act smarter. (more available)

Many federal agencies have begun adoption of modern, agile approaches to software delivery, with the goal of building higher quality services faster and more cheaply. (more available)

As businesses continue to adopt both infrastructure-as-a-service (iaaS) and platform -as-a-service (PaaS) cloud platforms, S&r pros struggle to protect their organization’s valuable data while minimizing the threat surface of cloud and hybrid cloud workloads. (more available)

This report gives a clever way to understand Cloud security topologies. It breaks all of the concepts down into a simple continuum. (more available)

This report uniquely addresses SecOps initiatives in terms of role, team leadership, success rates, company size, vertical adoptions, and geography. It provides telling insights into technology priorities, process, and best practices and metrics for critical use cases—including integrated security/ compliance for performance and availability management, change and configuration management, and IT asset management and audits. (more available)

This threat advisory offers insight into the ROPEMAKER Email Exploit.