It’s data breach report day today. Or, so it seems. My brain just ‘sploded on overload from all the fresh tasty stats received. There’s not enough time today to go through everything with a fine-toothed comb. Suffice to say:

  • Data breaches are continuing to happen in growing numbers.
  • Basic security practices still aren’t happening.
  • As painful as it is to admit, it appears that regulations like PCI DSS are having a positive impact.
  • Our codebase still leaves much to be desired, though there is reason to be a bit optimistic.

That said, here’s the goods:

  1. Verizon Business 2011 Data Breach Investigation Report
  2. Veracode 2011 “State of Software Security” Report
  3. Ponemon 2011 PCI DSS Compliance Trends Study

Incidentally, if you take the combined results of these studies, one of the key takeaways ties in very nicely with this quote from the current Cloud Security Alliance (CSA) v2.1 Security Guidance: “A portion of the cost savings obtained by Cloud Computing services must be invested into increased scrutiny of the security capabilities of the provider, application of security controls, and ongoing detailed assessments and audits, to ensure requirements are continuously met.” (h/t Gunnar Peterson)