Endpoint security is the last line of defense. Now more than ever, effective endpoint protection is essential to the success of any cybersecurity program. (more available)

Do exploit code releases help or harm defenders? We decided to put this hotly contested debate to the test. The seventh volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute attacks this debate from all angles. (more available)

What makes for successful cybersecurity? Is there evidence that security investments result in measurable outcomes? How do we know what actually works and what doesn’t? (more available)

This report looks at the roles and responsibility CISO’s have, highlighting changes over the past 12-18 months.

Based on a survey of over 4,800, this report reviews the practices that lead to positive outcomes for security programs. Linking together practices that are more (or less) successful to the characteristics of positive outcomes, this report aims to give guidance for where practitioners can focus their efforts to achieve similar outcomes. (more available)

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. (more available)

This report attempts to understand the theory and practice of web application security in organizations worldwide.

This study captures and analyzes a large set of information about phishing attacks, in order to better understand how much phishing is taking place, where it is taking place, and to see if the data suggests better ways to fight phishing. (more available)

An extension of the Prioritization to Prediction series, this report uses a sample of over 40 manufacturing sector firms to better understand the means and metrics of vulnerability management with the sector. (more available)

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 30 healthcare sector firms to better understand the means and metrics of vulnerability management with the sector. (more available)

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 100 finance sector firms to better understand the means and metrics of vulnerability management with the sector. (more available)

An extension of the Prioritization to Prediction series, this report uses a sample of approximately 70 technology services to better understand the means and metrics of vulnerability management with the sector. (more available)

This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams. (more available)

This report takes a look at the gap between business and cybersecurity, showing how the two have been aligning.

A survey of 416 security and 425 business executives, combined with telephone interviews of five business and security executives to explore the strategies and practices and medium and large enterprises. (more available)

A survey driven review of 25 indicators via 157 questions spanning 193 respondents. This attempts to focus on factors influencing cybersecurity strategy design and implementation on a year-over-year basis. (more available)

A survey driven review of 25 indicators via 50 questions spanning nearly 160 respondents. This attempts to focus on factors influencing cybersecurity strategy design and implementation on a year-over-year basis. (more available)

This report focuses on an analysis of security controls effectiveness across the multiple stages of attack lifecycles within 11 global industries. (more available)

This report explains the findings of a study the did, showing that seeking the exact technology to solve your newest, most pressing security concern may actually be multiplying security gaps that slow you down instead of simplifying your security environment. (more available)

A survey of 450 individuals on cybersecurity spending plans, areas of investment, and workforce requirements.

A survey of 400 public sector IT decision makers and influencers to determine challenges faced by public sector IT professionals, security threats, and cybersecurity capabilities. (more available)