The State of the State of Application Exploits in Security Incidents
By the Cyentia Institute with contributions from F5's Sander Vinberg and Ray Pompon.
The State of the State of Application Exploits in Security Incidents - is not a typo. It is a multi-analysis of several prominent industry reports, each of which covers the state of application security.
This report is both an attempt to stitch together a more complete view of application security and an attempt to assess our own understanding of application security in the process. More specifically, we examine published industry reports from multiple sources so that we may develop a better understanding of the frequency and role of application exploits in security incidents. Along the way, we demonstrate the challenges of multi-source analysis and offer recommendations on how research producers can make it easier for those who want to piece together the bigger picture.