SiliconAngle reported on a new study that found 67% of applications in the utility sector have serious vulnerabilities.  The report found that the "Window of Exposure," a key metric indicative of breach exposure for applications, has increased from 55% to 67% in the utility sector since the start of the year. The figure makes applications in the utility sector the second most vulnerable to attacks behind public administration applications.

In case you missed it, the President of the United States of America, Joe Biden, issued a new executive order in May of 2021, aimed at improving the nation's cyber security. With increase in threats and almost daily stories of new companies being the subject of ransomware and data breaches, perhaps it's no surprise that the U.S. Federal government is taking a serious look at the state of the security in federal organizations.

A new article in Dark Reading discusses the "4 Ways CISOs Can Strengthen Their Security Resilience." The article caught my attention because one of the 4 areas was to "Secure Workloads and Kubernetes Environments." I was surprised by the inclusion of this requirement not because it isn't important, but because it wasn't just considered a given in every organization today.

Forbes Magazine recently ran an article titled "If Your Cloud Security Is Static, You May Miss Indicators of Attack."  The premise of the article, that organizations are using outdated tools to address a growing and quickly changing part of their application infrastructure, namely the cloud.

The Verizon Data Breach Investigations report is probably one of the most widely read reports in cyber security.  Verizon released their 2021 edition of the report on May 13, 2021.

TechTarget recently ran an interview with "Web Application Security" author Andrew Hoffman, who explained the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers.

A recent Ponemon study found that 71% of IT professionals prefer to use best-of-breed security solutions rather than get all of their security tools from a single vendor.  This finding is especially important in the light of recent security architectures, especially SASE and Zero Trust.  

An ESG report on Modern Application Development Security released in August of 2020 found that 60 percent of organizations had experienced an attack on an OWASP Top 10 vulnerability in the prior 12 months.

A report from Acunetix, The Invicti AppSec Indicator, Spring 2021 Edition: Acunetix Web Vulnerability Report, came out with the conclusion that Web Application Security was a victim of the on-going COVID-19 pandemic.