Veracode commissioned this survey from 451 Research to understand how widely accepted andpracticed coordinated disclosure – whereby a security researcher identifies a flaw and notifiesthe company, then the two work together to fix and publicly disclose the flaw – really is andwhere the pain points reside. In addition, we wanted to explore the means organizations haveestablished to receive vulnerability reports, and the attitudes toward a coordinated disclosurepolicy on both sides of the organization and among external security researchers. We also soughta deeper understanding of the motivations of security researchers, actions when a vulnerabilityis identified, timing for disclosure, desired outcomes, how organizations structure disclosurepolicies, and the effectiveness of bug bounties.

This report covers: the security practices for each of the two different core projects, both Angular and React, the state of security of each of the two different module ecosystems, based on an in-depth look at the vulnerabilities contained in each of the ecosystems, the security practices for other common JavaScript frontend framework alternatives such as Vue.js, Bootstrap and jQuery, and the significant security differences between the different alternatives, and particularly between Angular and React

This report covers penetration prevention in the last year. It covers changes in penetration prevention such as the levels of risk incurred by applications, the way the shift to the cloud affects risk, and how the size of the business affects risk.

This report outlines the state of open source security, including open source adoption, known vulnerabilities, and vulnerability identification.

This report goes in-depth into trends in healthcare data security, surveying 26,000 companies and analyzing terabytes of information.

Sonicwall outlines the changes in the threat landscape in 2020 for companies to utilize.

A report by DZone showing trends in the changing AppSec industry.

this report t explores the vulnerability-to-exploit (V2E) cybercrime and cybersecurity supply chain, outlines the players in the different market segments and provides insights into the related economic drivers.

Risk Based Security has been sharing our Vulnerability QuickView reports with the world, providing detailed analysis on the vulnerability landscape based on data from our vulnerability intelligence product, VulnDB . Continuing from our previous 2019 Mid-Year report, this edition of the QuickView delves into the months of August through October. The information collected is displayed in a series of charts depicting various groupings, classifications, insights, and comparisons of the data

This report goes in depth on the state of software security, going into overall security, application security testing, how flaws are and are not equal, and security debt.

A survey of over 250 security professionals on security operations center (SOC) practices and how those practices relate to outcomes.

This publication from Fortinet looks at how the threat landscape has changed in the third quarter of 2018 by doing data-driven analysis with some noteworthy events pulled from Q3 2018 headlines.

This is a quarterly publication from Fortinet that looks at how the threat landscape has changed in the first quarter of 2019.

This is quarterly publication from Fortinet that looks in the current cyber security threats from April 1 to July 1.

From the report, “[This] report also captures the changing strategies used by attackers and highlights how organizations today are bolstering their defenses to stay one step ahead. It concludes with a peek into the cybersecurity areas that will be pertinent in the near future. We hope that you will benefit from the global and industry-specific insights available in this edition of the State of Cybersecurity Report and that together, we will be able to make our enterprises more resilient to withstand and recover from future attacks!”

From the report, “From January 2018 through June 2019, Akamai recorded more than 61 billion credential stuffing attempts and more than 4 billion web application attacks. In this special edition of the State of the Internet / Security Report, we’re focusing on data within the high tech, video media, and entertainment sectors — collectively named Media & Technology.”

This research was commissioned by Kenna Security. Kenna collected and provided the remediation dataset to the Cyentia Institute for independent analysis and drafting of this report.

This is a summary of vulnerability trends observed and investigated by the eSentire Security Operations Center (SOC) in 1H 2019.

This white paper describes the critical role of pen testing for web applications. It explores the economics of “classic” pen testing and considers a variety of unseen costs and points of diminishing value. The paper concludes by describing a next-generation hybrid applicationsecurity-testing-as-a-service and how it can help bring the flexibility in applying both automated app testing tools (DAST) and the human expertise of ethical hackers (pen testing) to this challenge.

From the report, “It is clear that there is no shortage of vulnerabilities to find. In the last year, Bugcrowd saw a 92% increase in total vulnerabilities reported over the previous year. The average payout per vulnerability increased this year by a whopping 83%, with average payouts for critical vulnerabilities reaching $2,669.92 — a 27% increase over last year.”

This report is essential reading for executives, security practitioners and development teams who want to better understand the present state of software security risk, and who seek to benchmark and improve their own organization’s performance.