
Is there a version of the "World Quality Report" for AppSec (instead of Functional Testing)?

The World Quality Report (WQR), published annually by Capgemini, Sogeti, and OpenText, is a comprehensive study that analyzes trends in quality engineering and testing across various industries. While the WQR encompasses multiple facets of software quality—including performance, usability, and security—it does not exclusively focus on Application Security (AppSec).


As of now, there isn't a direct equivalent to the WQR solely dedicated to AppSec. However, several reputable organizations provide in-depth reports and resources focused on application security:

  1. OWASP Top Ten: The Open Worldwide Application Security Project (OWASP) publishes the OWASP Top Ten, a regularly updated report highlighting the most critical web application security risks. This resource is widely recognized and utilized by professionals to understand prevalent vulnerabilities and best practices in AppSec.

  2. Veracode State of Software Security (SOSS) Report: Veracode releases an annual report that delves into the security posture of applications, analyzing data from numerous scans to identify common vulnerabilities and trends in software security.

  3. Synopsys Open Source Security and Risk Analysis (OSSRA) Report: This report examines the state of open-source security, compliance, and code quality risk in commercial software, providing insights into how organizations manage and secure their software supply chains.

  4. IBM X-Force Threat Intelligence Index: IBM's annual report offers a comprehensive overview of the global threat landscape, including insights into application security threats and vulnerabilities.

These resources collectively offer valuable insights into the current state of application security, helping organizations and professionals stay informed about emerging threats and best practices in the AppSec domain.