A survey of stakeholders in operational technology (OT) environments across four industries: manufacturing, energy and utilities, healthcare, and transportation.

This report sought to understand the health and security of Free and Open Source Software (FOSS) as it is today. It identifies the most commonly used free and open source software components in production applications, and examines them for potential vulnerabilities.

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data.

Covers the long tail of vulnerability patching, whereby vulnerabilities that are not fixed soon after detection can linger for months or more before being addressed. Makes the case for better prioritization mechanisms.

Automation and integration is often hailed as a great enabler for the future. This survey identified how respondents are adopting systems, where their systems currently stand and what is on the planning horizon.

Advice for CIOs building strategic initiatives around digital transformation.

A lot of progress has been made in the past few years around requirements. Next steps in this area include identifying when and why to update intelligence requirements—even ad hoc adjustments can be planned for by identifying the circumstances under which they would need to be changed. It is also clear that there are numerous positive trends in the community, such as more organizations producing intelligence instead of just consuming it. But there are also many challenges, such as getting the appropriate staffing and training to conduct cyber threat intelligence. Tools and data sources are always going to be vital to the process, but the world of intelligence analysis is inherently analyst driven and a focus is rightfully placed there.

Wakefield Research partnered with Webroot to conduct an online quantitative research study among U.S. consumers to:

• Better understand attitudes, perspectives, and behaviors related to cyber hygiene
• Based on this data, create a risk index (“Cyber Hygiene Risk Index”) to assess the risks associated with susceptibility to cybercrime in each state, ranking the states to determine the riskiest and least risky states in the U.S.
• Further analyze respondents’ susceptibility to risk by using a series of custom demographic and psychographic metrics to get a more nuanced understanding of what is behind cyber-hygiene levels

P2P Volume 5 focuses on the differences between asset types (OS) and how vulnerabilities are treated on different platforms.

This report by Cisco contains 20 predictions for the future of cybersecurity.

This report covers: the security practices for each of the two different core projects, both Angular and React, the state of security of each of the two different module ecosystems, based on an in-depth look at the vulnerabilities contained in each of the ecosystems, the security practices for other common JavaScript frontend framework alternatives such as Vue.js, Bootstrap and jQuery, and the significant security differences between the different alternatives, and particularly between Angular and React

This report from Outsystems is based off of a survey of over 3,300 companies. It had 5 key things they looked into: How organizations’ app dev practices adapt to meet digital transformation and agility objectives, challenges in meeting application development goals, strategies IT teams use to speed up application delivery, and if these strategies are working to overcome resource constraints and reduce backlogs.

This is a study on third party risk from Gartner. It covers how third party risks are changing, how companies are managing third party risks, and taking an iterative approach to third party risks.

Cofence report on how phishing attempts and phishing prevention have changed in 2019.

This report investigates the ways in which organizations can support engineering productivity through initiatives such as supporting information search, more usable deployment toolchains, and reducing technical debt through flexible architecture, code maintainability, and viewable systems.

A survey of over 300 security professionals on security operations center (SOC) practices and how those practices relate to outcomes.

A review of current maturity levels and practices as seen from Micro Focus’s five year history of reviewing security programs.

The PSR has the unique role of measuring the strengths and weaknesses of the PCI DSS and tracking the sustainability of compliance. It also measures and tracks challenges associated with implementing and maintaining security controls required for PCI DSS compliance.

This 2019 edition of the SANS Security Operations Center (SOC) Survey was designed to provide objective data to security leaders and practitioners who are looking to establish a SOC or optimize their existing SOCs. The goal is to capture common and best practices, provide defendable metrics that can be used to justify SOC resources to management, and to highlight key areas on which SOC managers can focus to increase the effectiveness and efficiency of security operations.

The VIPR report (Verizon Incident Preparedness and Response Report) outlines preparations and responses to data breaches. This includes 6 phases, planning and preparation, detection and validation, containment and eradication, collection and analysis, remediation and recovery, and assessment and adjustment.

This research was commissioned by Kenna Security. Kenna collected and provided the remediation dataset to the Cyentia Institute for independent analysis and drafting of this report.