This study examines trends in application development security. It looks as the extent to which security teams understand modern development practices, what influences application security investments, and the dynamic between development teams and cybersecurity teams.

The objective of this report is to provide nuanced insight into the ICS risk and vulnerability landscape, the challenges it poses to operational technology (OT) security practitioners, and what conclusions can be drawn from publicly available data.

Robert Walters and VacancySoft have partnered together to analyse the UK cybersecurity hiring market, exploring the key trends that havemaintained job growth throughout 2020, and the key skills areas where we’ll see demand thrive as the decade progresses.

Now in its sixth year, Sonatype’s State of the Software Supply Chain Report continues to examine measurable practices of secure open source software development and delivery.

A review of 180 engagements performed by Rapid7 consulting, supplemented by a survey of questions given to all Rapid7 consulting customers. Addresses lessons learned from this events.

A review of lessons learned over the past year from Rapid7’s penetration testing services. Combined with survey day on social engineering and red team simulations of 206 engagements.

A survey-baed report of 1,848 IT and IT Security professionals on the challenges with vulnerability prioritization and the importance of patch management for the prevention of breaches. Touches on the challenges of CMDBs and container security.

This paper compiles observations as well as predictions on the state of cybersecurity in 2020.

This report highlights research into cyber-attack trends in the smart mobility ecosystem.

The 2020 OSSRA includes insights and recommendations to help security, risk, legal, and development teams better understand the open source security and license risk landscape.

A review of doxxing related ransomware cases handled by Kivu Consulting in a post-breach role. Explores firmographics of the organizations involved in various variants of ransomware families.

The Threat Intelligence Executive Report by Secureworks analyzes security threats and aims to help organizations protect their systems. In the first two months of 2020, they identified 3 main trends: Lesser-known government-sponsored threat groups putting data at risk, Citrix vulnerability disclosure causing spikes in incidents, and ransomware operators leveraging risk of GDPR fines as a threat.

A survey of stakeholders in operational technology (OT) environments across four industries: manufacturing, energy and utilities, healthcare, and transportation.

A deep dive into the state of deploying the latest TLS version (v1.2) and the use of this signal for correlating with broader public-facing risk surfaces and characteristics of firms.

This report sought to understand the health and security of Free and Open Source Software (FOSS) as it is today. It identifies the most commonly used free and open source software components in production applications, and examines them for potential vulnerabilities.

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data.

A survey of 273 security professionals on the implications of the COVID-19 pandemic on security perceptions.

This report from Forrester goes into the state of application security for 2020, detailing changes in the external attack methods, and changes companies should make to their application security efforts.

The annual report on the composition and findings of security testing as powered by BugCrowd’s bug bounty platform of nearly 3,500 security testers.

The third annual report from Hacker One on the state of the hacker/security testing community. Data is drawn from Hacker One’s community of bug bounty registrants and subscribing platforms.

The fourth annual report from Hacker One on the state of the open security testing community, using data from Hacker One’s bug bounty program.