Cyentia Cybersecurity Research Library

Vuln Management

Below you will find reports with the tag of “Vuln Management”

The Wordfence 2023 State of WordPress Security Report

In our report, we look at changes in the threat landscape, analyze impactful trends, and provide recommendations based on our findings. While most of our recommendations remain consistent with prior years, there were some surprising takeaways, including a shift in the most impactful threats. The most widespread threat to WordPress security in 2023 was Cross-Site Scripting, as techniques for taking over websites by adding malicious administrators and backdoors have become mainstream.

Added: February 7, 2024

2024 Cloud Native Security and Usage Report

The Sysdig 2024 Cloud‑Native Security and Usage Report comes at an exciting time after a year of cybersecurity making headlines worldwide. This is indicative of how broad the security landscape has grown in a short amount of time, thanks to the cloud. This report looks at real‑world data to draw conclusions about the state of cloud security. From our perspective, we see that organizations continue to struggle with the shift‑left concept. Although runtime threat prioritization has greatly reduced vulnerabilities, there remains an urgency for powerful and speedy cloud threat detection and response (TDR).

Added: February 3, 2024

H1'2023 Automotive Cyber Trend Report

In this report, we’ll discuss three automotive-related cybersecurity emerging risks we’ve identified in 2023, arising from the rapid proliferation of SDVs. Growth in backend attacks allowing access to sensitive vehicle data and controls, the ever-evolving SBOM and the critical role it plays in enhancing automotive threat intelligence and cyber are on the rise in the agriculture, construction, and heavy machinery industries that are fast to adopt software-defined and autonomous capabilities.

Added: December 15, 2023

2023 State of Cybersecurity Automation Adoption

This is the third edition of ThreatQuotient’s annual survey of senior cybersecurity professionals, exploring the topic of cybersecurity automation adoption. Read this report to understand how CISOs and senior cybersecurity professionals are handling the incorporation of cybersecurity automation into their strategies to protect the complex, extended enterprise – and their analyst teams – from the pressures of escalating cyber threats.

Added: November 15, 2023

Vulnerability and threat trends report 2023

Our findings in this year’s Skybox Vulnerability and Threat Trends Report, detailed below, make the urgency of the situation abundantly clear. Vulnerabilities have skyrocketed, eclipsing all previous records. Attacks are increasing in velocity and impact. Threat actors are targeting more sensitive assets and inflicting more damage. They are better organized—backed increasingly by large crime rings and nation-states—and are employing more sophisticated tools and tactics, such as a growing assortment of backdoor malware and advanced persistent threat (APT) attacks.

Added: November 14, 2023

Software Supply Chain Security Risk Report

In April 2023, ReversingLabs partnered with Dimensional Research to survey 321 security and IT professionals on their software supply chains for its report, “Software Supply Chain Security Risk Survey.” This analysis presents key findings and actionable recommendations for security organizations in four key areas: traditional applications security shortcomings, software supply chain complexity and security, security in software development and enterprise-wide security risks.

Added: November 6, 2023

Coalfire's 5th Annual Penetration Risk Report

Coalfire’s 5th Annual Penetration Risk Report confirms that enterprise security teams in key industry sectors are starting to embrace continuous penetration testing as a core component of a comprehensive defensive strategy. The report reveals gaps on an expanding attack surface, showing that organizations face ever-greater difficulties mitigating modern attacks.

Added: September 26, 2023

2023 State of Vulnerability Management

This survey was designed to shed light on current practices, obstacles, and perspectives in vulnerability management. Through understanding how organizations are tackling these challenges, the “2023 State of Vulnerability Management” report offers strategic insights and industry benchmarks.

Added: September 1, 2023

Slipping Through the Security Gaps

In this edition of the State of the Internet/Security (SOTI) report, we continue to research the array of attacks observed in web applications and API, their impacts on the organization, and how vulnerabilities figure in the API landscape. Our goal is to illustrate the dangers posed by the web application and API attacks, with recommendations on how to successfully defend your network against such attacks.

Added: August 11, 2023

Prioritization to Prediction, Vol. 9

This latest installment of the Prioritization to Prediction research series, created by the Cyentia Institute and sponsored by Cisco (formerly commissioned by Kenna Security), does just that: It explores the KEV and gives some context to what it means (and doesn’t mean) for other organizations. Moreover, we demonstrate how the KEV can fit into any risk-based vulnerability management program. In fact, here are some key findings, but you’ll really want to read the whole report to get the good stuff.

Added: August 7, 2023

Decoding CISA KEV

This report has been put together using CISA’s KEV Catalog and the month-on-month analysis that CSW’s researchers have delivered to our customers for the past year. Our researchers used the NVD, MITRE, and other repositories to map each vulnerability to Tactics, Techniques, and Procedures (TTPs) to understand the actual risk posed by these vulnerabilities. We cross-referenced the KEVs with our ransomware and threat groups’ database maintained in Securin Vulnerability Intelligence (VI) to provide additional threat context to the KEV Catalog. We have also used our proprietary threat intelligence platform (Securin VI) to predict and recommend vulnerabilities that need to be a part of the KEV Catalog.

Added: July 28, 2023

Good Practices For Supply Chain Cybersecurity

The report provides an overview of the current supply chain cybersecurity practices followed by essential and important entities in the EU, based on the results of a 2022 ENISA study which focused on investments of cybersecurity budgets among organizations in the EU. The report also gathers good practices on supply chain cybersecurity derived from European and international standards. It focuses primarily on the supply chains of ICT or OT.

Added: July 5, 2023

The State of Cyber Assets Report 2022

In this first-ever SCAR report, we analyzed over 370 million cyber assets, findings, and policies across almost 1,300 organizations to better understand today’s cyber asset landscape. The data in this report helps security operations, engineers, practitioners and leaders understand cyber assets, liabilities, attack surfaces, and their relationships to each other in the modern enterprise.

Added: June 19, 2023

A Data-Driven Approach to Risk-Based Vulnerability Management With ThreatQ

This paper seeks to introduce some of the new knowledge sources and actionable data, along with a data-driven approach that puts custom cyber intelligence at the center of the process seeking to deliver the tools to help the organization stay as close to the front of the race as possible.

Added: June 13, 2023

2022 Accelerate State of DevOps Report

For the last eight years, we’ve produced the State of DevOps report, hearing from over 33,000 professionals worldwide. We’ve outlined the DevOps practices that drive successful software delivery and operational performance, with a deep focus on security for the 2022 report.

Added: June 1, 2023

Balancing Third-Party Risk

This report is different in that we’re focusing on explicit relationships that are manually configured by organizations using RiskRecon’s platform. In other words, we’re examining curated portfolios of vendors and suppliers tracked as part of organizations’ third-party risk management program. We started with a dataset extracted from RiskRecon’s platform consisting of over 100,000 primary organizations and more than 300,000 monitored third-party relationships. We’re focusing on direct relationships in this report, but the data supports the analysis of indirect (fourth- to nth-party) relationships.

Added: May 23, 2023

The Invicti AppSec Indicator Fall 2022 Edition

In this latest edition of the Invicti AppSec Indicator, we asked development and security practitioners how they deal with all the excess AppSec noise in the face of relentless pressure to deliver business-critical software on time without compromising security.

Added: May 11, 2023

2020 Vulnerability Statistics Report

This report aims to demonstrate the state of full stack security based on thousands of full stack assessments globally, delivered by the Edgescan SaaS during 2019. This report is still a joy to do as it gives decent insight into what’s going on from a trends and statistics perspective and overall state of cyber security. This report provides a glimpse of a global snapshot across dozens of industry verticals how to prioritize on what is important, as not all vulnerabilities are equal.

Added: April 26, 2023

2022 Vulnerability Statistics Report

The Edgescan report has become a reliable source for truly representing the global state of cyber security vulnerability management. This is becoming more evident as our unique dataset is now also part of other annual security analysis reports, such as the Verizon DBIR (we are happy contributors for many years now). This year we examined vulnerability metrics from a known vulnerability (CVE), Malware, Ransomware and visibility standpoint (exposed services), coupling both internal and public Internet-facing systems. We also take a look at how quick we are fixing various vulnerabilities based on risk.

Added: April 26, 2023

Automation antidotes for the top poisons in cybersecurity

A recent ThoughtLab study revealed the top cybersecurity challenges that are top-of-mind for IT leaders. This ebook will discuss how those challenges can poison your ability to protect your business, why automating security operations is the antidote, and why 80% of organizations that use automation say they can respond to vulnerabilities in a shorter timeframe.

Added: April 25, 2023

The Fast and the Frivolous

The Fast and the Frivolous uses a massive dataset from SecurityScorecard that spans 1.6 million organizations. We analyze billions of internet-exposed assets to measure the speed of vulnerability remediation over a three-year period. In this report, you’ll find some of the lessons we learned.

Added: April 25, 2023
© Cyentia Institute 2025
Library updated: July 3, 2025 20:08 UTC (build b1d7be4)