A survey of 273 security professionals on the implications of the COVID-19 pandemic on security perceptions.

The annual report on the composition and findings of security testing as powered by BugCrowd’s bug bounty platform of nearly 3,500 security testers.

The third annual report from Hacker One on the state of the hacker/security testing community. Data is drawn from Hacker One’s community of bug bounty registrants and subscribing platforms.

The fourth annual report from Hacker One on the state of the open security testing community, using data from Hacker One’s bug bounty program.

This report goes in-depth on the most popular fraud techniques and how to prevent fraud attacks on your business.

A survey of over 1,000 firms into how cybersecurity leaders organize their programs, where they invest, and which technologies, processes, and analytical tools they use. A goal of focusing on guidng readers to optimize the use of cybersecurity resources.

A report derived from NTT’s managed SOC service, seeking to identify modern and emerging trends observed across industries and regions.

The inaugural report from AT&T Business. Leverages data from the AT&T network operations groups as well as outside research firms and network partners.

Year end report from AppRiver using telemetry from the AppRiver security products and events observed by the AppRiver Security Analysts.

A year in review report drawing on the events observed by AppRiver Security analysts and the telemetry from the AppRiver security platforms. Includes predictions for 2020.

The fifth edition of Edgescan’s vulnerability statistics report. Uses both scan data and survey data to report on vulnerability management, with a special focus on web application vulnerabilities.

The annual report on trends in malware and hacked website from the incident response and malware research teams at GoDaddy Security /Sucuri.

An annual report derived from the Proofpoint customer base and the emails processed by the Proofpoint email security platform. Focuses on the “human factor” of organizational cyber security.

A survey-based report covering 704 cybersecurity professionals from organization with more than 500 employees. This edition has a special focus on the impact of 5G technologies for security professionals.

A survey of 166 US health information security professionals. Discusses the prevalence of significant security events (primarily e-mail based), positive advances in healthcare security, the threat of complacency when managing programs, and area where there are control gaps.

A combination of data from RiskIQ’s internet telemetry network and thought analysis, this report covers changes related to the COVID-19 pandemic, organization’s public attack surface, mobile threats, and the importance of JavaScript as an attack vector.

RiskIQ scans mobile application stores and analyzes the apps presented for potential malware and other threats. This annual threat report covers the security posture of the mobile ecosystem, identifying threat actions, and making time comparisons.

Using case data from IBM’s external incident response service involvement in cloud-related security incidents over 2019, this report covers threat actors, threat actions, common control weaknesses, and makes recommendations for increase cloud security postures. Additional data contributed by Intezer and DarkOwl.

A detailed technical analysis of the Kingminer botnet malware, including the C&C network, infection vectors, payload, and auxiliary components.

Covers the long tail of vulnerability patching, whereby vulnerabilities that are not fixed soon after detection can linger for months or more before being addressed. Makes the case for better prioritization mechanisms.

The second annual application protection report (APR) from F5 Labs combines data from F5’s global customer base with network telemetry from Baffin Bay to catalog and analyze the major threats facing application security practitioners. Includes recommendations for appsec professionals.