Research

Insights from real scan data.

Aggregate posture across the public websites scanned through SecureMonk. Each article runs against live data and refreshes daily. Current sample: 3,153 unique hosts.

The state of open source security

Open source is now the software supply chain, and the attackers know it. The numbers and the incidents (xz, polyfill.io, tj-actions, Shai-Hulud) that defined the era, and what actually reduces the risk.

State of TLS on the public web

What TLS protocol versions, cipher hygiene, and certificate algorithms look like across our sample.

Most common security-header misconfigurations

Which HTTP security headers are missing most often, and why the gap keeps persisting.

Certificate expiry and trust patterns

Validity windows, expiration risk, key-algorithm choice, and OCSP stapling adoption.

These pages are research-style aggregates of real scan data. The sample is not random. Sites scanned through SecureMonk skew toward developer-curiosity targets and the homelabs of the people running the scans. Treat the absolute percentages as a snapshot of this corner of the web, not a global figure.