This guide provides some thoughts about implementing a Vulnerability Disclosure Program.

This is an infographic that details things every CISO should know about Open Source Security.

The Blackmoon Banking Trojan was thought to be shut down in 2016. However, it has re-emerged. This paper provides a brief analysis of the revamped trojan.

This is an infographic that summarizes the Redlock report of the same name.

This paper looks at the cyber insurance market, the need for expert advice and the steps that organizations can take to ensure that they fully understand their own data risks and security vulnerabilities before taking out a policy.

This report from the U.S. Department of Health And Human Services, offers insight into how the FDA has taken steps to address emerging cybersecurity concerns in networked medical devices by issuing guidance, reviewing cybersecurity information in submissions, and—when needed—obtaining additional information from manufacturers. It also discusses how the FDA could take additional steps to more fully integrate cybersecurity into its premarket review process.

This paper takes a look at how cognitive technologies will impact security in the IoT systems. It addresses a variety of issues related to CIoT and the future that lies ahead.

This monthly threat report takes a look at the month of May 2017.

From The Report, “This year, we continue this investigation into the risk of passive eavesdropping and active attack on the internet, and offer insight into the year-over-year changes involving these exposed services.”

This report offers Security Predictions for 2018

This paper begins with a review of data sources available for building or improving decision models for vulnerability remediation. It then discusses the vulnerability lifecycle and examine timelines and triggers surrounding key milestones. Identifying attributes of vulnerabilities that correlate with exploitation comes next on the docket. The last section measures the outcomes of several remediation strategies and develops a model that optimizes overall effectiveness.

This Quarterly report offers key takeaways from the second Quarter of 2016. Those takeaways come from Email, Exploit Kits, Web-Based Attacks, and Social Media and Domain Research.

This report focuses on software vulnerabilities, software vulnerability exploits, malware, and unwanted software. It is the hope that readers find the data, insights, and guidance provided in this report useful in helping them protect their organizations, software, and users.

Before slowing down development and causing customers to revolt, security and risk pros should read this report to understand the current state of application security and how emerging techniques support the speed your business needs.

This Threat report details some early 2018 threats like cryoticurrency mining, hardware vulns, and government sponsored cyber threats.

“2017 was a huge year for mobile security. Malicious actors returned with a vengeance and cyber attacks grew rapidly in sophistication. Ransomware outbreaks like WannaCry and Petya hit enterprises globally causing unparalleled disruption, new vulnerabilities like BlueBorne were discovered and malware variants grew more aggressive and prevalent by the day. This report will summarise the key mobile security trends that emerged in 2017, and summarise thoughts for the mobile threat landscape for the year ahead.”

As the threatscape continues to evolve rapidly in both sophistication and scale, the need to protect organizations’ intellectual property, operations, brand and shareholder value, in addition to their customers’ data, is ever more critical. But how do organizations build controls for the security risks they don’t even know about yet?

This report is intended to help you get up to speed on the latest developments in the WAF space, to better understand how you can incorporate and integrate WAF technology with your existing and planned technology deployments, including cloud, on-premises, and hybrid topologies.

Subtitled “Insight for helping businesses manage risk through payment security”

This report deals with predicting the cyber threat landscape for 2016 through 2020. It does this by looking back 5 years, and analyzing the past, and also talking to folks who make predictions for the 5 years in the future.

This report reviews the cyber security threats that occurred in the first half of 2017.