This report answers some questions about Bug Bounty organizations.

This is a report on cloud security trends.

This report, based on responses from nearly 200 IT and security practitioners surveyed, explores the current state of vulnerability risk management, the challenges that directly impact the remediation process, and the outlook for improvement in the coming year. In addition, compliance drivers and executive awareness of information security threats are considered to demonstrate their influence on effective vulnerability risk management.

This is an infographic that details things every CISO should know about Open Source Security.

This is an infographic that summarizes the Redlock report of the same name.

This report tackles security issues related to the Internet Of Things.

This report from the U.S. Department of Health And Human Services, offers insight into how the FDA has taken steps to address emerging cybersecurity concerns in networked medical devices by issuing guidance, reviewing cybersecurity information in submissions, and—when needed—obtaining additional information from manufacturers. It also discusses how the FDA could take additional steps to more fully integrate cybersecurity into its premarket review process.

This paper begins with a review of data sources available for building or improving decision models for vulnerability remediation. It then discusses the vulnerability lifecycle and examine timelines and triggers surrounding key milestones. Identifying attributes of vulnerabilities that correlate with exploitation comes next on the docket. The last section measures the outcomes of several remediation strategies and develops a model that optimizes overall effectiveness.

This report gives a clever way to understand Cloud security topologies. It breaks all of the concepts down into a simple continuum.

This report is intended to help you get up to speed on the latest developments in the WAF space, to better understand how you can incorporate and integrate WAF technology with your existing and planned technology deployments, including cloud, on-premises, and hybrid topologies.

Subtitled “Insight for helping businesses manage risk through payment security”

DevOps and security leaders recognize that DevOps requires a fresh approach to security that mitigates risk and uncertainty without impairing velocity. This e-book presents six guiding principles for enabling DevOps security at scale.

This newly released SANS survey suggests the need to broaden the definition of endpoint to include the user. The two most common forms of attacks reported are browser-based attacks and social engineering, both of which are directed at users, not technology. Download this survey report to learn other key issues surrounding endpoint protection.

This is a good report to read if you are interested in learning how to properly, and succesfully, report risks and vulnerabilities to boardmembers and executives.

This report seeks to offer insight into the cybersecurity world and to analyze the dangers and pitfalls of the transition in the profession.

This report discusses the necessity of Security Operations Centers, and how they can help with Cyber Events.

This e-book takes a look at what a good CDN should do.

This is a brief playbook that gives a plan for how to get started with cloud security.

The present trend study “The State of Industrial Cybersecurity 2018” seeks to answer the questions, what do use companies really want? What Are their priorities, and what concerns and challenges do they face? What external and internal factors are impacting industrial cybersecurity? What strategies and measures are being employed, now and in the future?

This report illustrates how organizations are implementing proper Cyber hygiene, if at all. To gather this data, Tripwire partnered with Dimensional Research, sending a survey to independent sources of IT security professionals. The survey was completed by 306 participants in July 2018, all of whom are responsible for IT security at companies with more than 100 employees.

This report advertises itself as a “vendor-agnostic” report. Now in its fifth year, this report has become a staple among IT security leaders and practitioners. They stick to the usual suspects in cyber threats, but also outline some new areas related to Cloud investment, app containers, reliance on mobile devices, and the continuing damage of ransomware.