This report is essential reading for executives, security practitioners and development teams who want to better understand the present state of software security risk, and who seek to benchmark and improve their own organization’s performance.

Now in its fifth year, Sonatype’s annual State of the Software Supply Chain Report examines the rapidly expanding supply and continued exponential growth in consumption of open source components. Their research also reveals best practices exhibited by exemplary open source software projects and exemplary commercial application development teams.

This report provides Advanced Cyber Security Center executives weighing in on the Board’s role as a strategic partner to management in balancing digital transformations and cybersecurity risks.

This Spotlight report provides in-depth analysis of vulnerabilities and weaponization patterns across the entire family of Adobe products. By focusing on weaponization, we go beyond simply counting vulnerabilities, and instead reveal how popular software from a leading vendor becomes a beacon for attackers. A significant number of these vulnerabilities are exploitable and have remote code execution capabilities, changing their status from a potential threat to an active and live cyber risk exposure point. While our findings naturally focus on the most recent data, the report includes more than 20 years of data from 1996 through 2018, allowing us to see long-term trends.

From the report, “For our 4th Year running, welcome to the edgescan Vulnerability Stats Report. This report aims to demonstrate the state of full stack security based on edgescan data for 2018. The edgescan report has become a reliable source for truly representing the global state of cyber security. This year we took a deeper look at vulnerability metrics from a known vulnerability (CVE) and visibility standpoint. We still see high rates of known/patchable vulnerabilities which have working exploits in the wild, which possibly demonstrates it is hard to patch production systems effectively on a consistent basis.”

Automation balances machine-based analysis with human-based domain knowledge to help organizations achieve optimal workflows in the face of staff shortages and alert fatigue, all caused by an increasing number of destructive threats. Yet, 59% of survey respondents indicate that their organizations use low levels or no automation of key security and incident response (IR) tasks. In this new SANS survey, we wanted to understand and explore some of the misconceptions versus facts around automation and what to do about it.

This paper will also explore the root causes of poor data quality and a solution for organizations seeking data quality improvement.

From the report, ““Realized coverage & efficiency vary greatly among firms—over 50% between top and bottom performers—indicating different remediation strategies lead to very different outcomes.” Where is your strategy leading?” Read on to find out more.

This report offers insights into why a CSIRT is crucial in today’s world. It provides some helpful tips and steps that can improve any organization’s response team.

From the Report, “When you are faced with multiple risks and regulatory requirements, as well as constantly-changing industry trends, how do you connect the dots? How do you bring all this information together in a way that is meaningful to your organization? MetricStream Research offers you a range of cutting-edge GRC research reports, insights, and analyses that empower you to make informed and effective decisions on your GRC Journey®. Through primary and secondary research, we analyze the latest GRC trends and developments, and transform this data into the intelligence you need to drive exceptional performance.”

This report reveals findings around the cybersecurity landscape. To inform this report they surveyed ,3,200 security leaders asking questions in three categories, Set Up - how do you set yourself up for success, Architecture - what is your approach to vender/solution selection, and finally Breach Readiness and Response.

MuleSoft commissioned independent market research company Vanson Bourne to survey 650 IT leaders from global enterprises to discover: › What is the state of today’s digital transformation initiatives? › How is the role of IT evolving in the customer-centric era? › What are the top challenges IT organizations face? › Which strategies are enterprises adopting to get ahead of the market?

Here at Cobalt, we’ve done over 350 penetration tests to date. The information included in this report (Time to Fix, Vulnerability Types, Findings Criticality, Issues Fixed) is summary data from all of the penetration tests performed in 2017. Additionally, we provide survey data (Portfolio Coverage, Pen Test Frequency) from 75 respondents in security, management, operations, DevOps, product, and developer roles. All data has been anonymized to protect the privacy of our contributors.

The State of Payment Processing & Fraud: 2018 Inaugural Survey & Report is a first-of-its kind study brought to you by Kount and The Fraud Practice. The inaugural survey reached hundreds of acquirers, processors, gateways, payment facilitators and issuers to get their take on the state of the industry and what is most critical for attracting and retaining clients and growing processing volumes.

The State of Chargebacks: 2018 Report, brought to you by Kount and Chargebacks911, is intended to provide an overview of the health and status of chargeback management in the Card Not Present (CNP) payments space. It includes key facts and figures about chargebacks, dispute and win rates. In addition, participating organizations shared insights about the tools, services, and solutions they employ for fraud detection and chargeback management, as well as the greatest challenges they face.

The State of Manual Reviews: 2018 Report, brought to you by Kount and Paladin Group, provides survey results about manual review trends and best practices in the card-not-present (CNP) payments environment. It includes key performance indicators (KPIs) and demographic details related to participating merchants. In addition, participants in the survey shared insights about the tools, services, and solutions they employ for their manual review process.

Kount and The Fraud Practice designed the State of CNP False Positives survey because false positives are one of the least, if not the least, understood aspects of risk management. While merchants tend to focus directly on chargebacks and fraud losses, false positives are another major source of lost revenue but are often underestimated if not ignored altogether.

The Fraud Prevention Industry Benchmarks Survey was focused specifically on merchants doing business in the Card or Customer Not Present (CNP) channel. This study was designed to gain insights and information for comparison of key performance indicators (KPIs) such as manual review rates, chargeback rates, false positive rates and other metrics across different types of merchants, while the analysis report is intended to serve as an industry resource and point-of-reference for organizations looking to benchmark and compare the performance of their fraud prevention strategy against others in their vertical.

Abstract: Enterprises increasingly operate in a digitally interconnected world where third parties like suppliers, customers, channel partners, and others are often directly connected to their internal IT systems, and where their underlying IT infrastructure may be owned and managed by an outside organization. These business relationships can knowingly or unknowingly introduce different types of risks that need to be identified and managed as if these third parties were part of the enterprise itself. Recorded Future’s latest risk intelligence offering enables threat intelligence teams to better understand, monitor, and measure their real-time exposure to these third-party risks. Armed with this information, organizations can better assess and prioritize risk mitigation actions.

From the report, “At Feedzai, we recently completed a project: building a machine learning system to perform transaction fraud detection for a global payment service provider. This client does over a million transactions a day. We designed, trained, tested, and compared hundreds of models in just over a month. In the end we achieved a 16 percentage point increase in money recall with 20x fewer alerts. The fact that we’re continuing to deliver on projects of this scale, in this speed, makes me excited for the future. In this paper, I want to discuss why speed of data science matters, why we’re able to achieve it, and why it helps us deliver value for enterprises fighting fraud. ” Read on to find out more.

In this paper the CTO of Feedzai writes about several of the misconceptions related to organizations leveraging in-house resources to create their own machine learning system for risk. He discusses the lack of success surrounding those decisions.