We wanted to gain insights into the experience of security teams who are at the helm of their organization’s detection and response operations and uncover more about what they experience each day. (more available)

In this report, you will find details about security, compliance, services, alerting, and Kubernetes usage patterns. This information can be useful for determining the real-world state of security and usage for container environments at companies around the world, from a broad range of industries. (more available)

In this report, you will find further detail about security, compliance, services, alerting, and Kubernetes usage patterns. This information can be useful for determining the real-world state of security and usage for container environments at companies around the world, from a broad range of industries. (more available)

These findings are based on the data we gather front the billions of containers that our customers run over the course of a year. (more available)

Today, data is a company’s most valuable asset, leading many to invest in Insider Risk Management programs. Recent trends around employee turnover and remote work have created unprecedented challenges for security teams to protect valuable data from leaving the company. (more available)

Now in its seventh year, Sonatype’s 2021 State of the Software Supply Chain Report blends a broad set of public and proprietary data to reveal important findings about open source and its increasingly important role in digital innovation. (more available)

The goal of the study was to provide a state-of-the-market on third-party risk with actionable recommendations that organizations can take to grow and mature their programs across every stage of the third-party risk lifecycle. (more available)

The information included in this report is summary data from the pentesting performed in 2018. Additionally, we provide survey data from respondents in security, management, operations, DevOps, product, and developer roles. (more available)

The report evaluates the responses of 465 global IT professionals who manage, advise, and participate in ITAM, SAM, and HAM activities in organizations of 1,000 or more employees. (more available)

This report looks at the entire history of active applications, not just the activity associated with the application over one year. (more available)

This report creates an overall picture of the cybersecurity capabilities of public power utilities. Moreover, it supports the previous year’s findings and provides a consistent approach for supporting DOE’s Multiyear Plan for Energy Sector Cybersecurity. (more available)

More than 4,700 executives were surveyed in March and April of 2021 in order to understand the extent to which organizations prioritize security, how comprehensive their security plans are, and how their security investments are performing. (more available)

Endpoint security is the last line of defense. Now more than ever, effective endpoint protection is essential to the success of any cybersecurity program. (more available)

Do exploit code releases help or harm defenders? We decided to put this hotly contested debate to the test. The seventh volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute attacks this debate from all angles. (more available)

What makes for successful cybersecurity? Is there evidence that security investments result in measurable outcomes? How do we know what actually works and what doesn’t? (more available)

This report looks at the roles and responsibility CISO’s have, highlighting changes over the past 12-18 months.

Based on a survey of over 4,800, this report reviews the practices that lead to positive outcomes for security programs. Linking together practices that are more (or less) successful to the characteristics of positive outcomes, this report aims to give guidance for where practitioners can focus their efforts to achieve similar outcomes. (more available)

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. (more available)

This report attempts to understand the theory and practice of web application security in organizations worldwide.

This study captures and analyzes a large set of information about phishing attacks, in order to better understand how much phishing is taking place, where it is taking place, and to see if the data suggests better ways to fight phishing. (more available)

An extension of the Prioritization to Prediction series, this report uses a sample of over 40 manufacturing sector firms to better understand the means and metrics of vulnerability management with the sector. (more available)