Every January, we get a lot of valuable insights by looking back at our most popular blog posts in the previous year, and 2018 was no exception. The posts that resonated the most last year paint a clear picture of topics most important to the security and development communities – from open source risk, to using AppSec as a competitive differentiator, to security’s new role in a DevOps world. The popularity of these posts highlights the big application security questions and concerns on the minds of security professionals and developers in 2018.
Open source risk still a major concern
Just as in the previous couple years, open source risk was a hot AppSec topic in 2018. Applications are increasingly composed of more open source code than first-party code, and that trend has serious security implications. A blog about the trends in open source security and two blogs about 2018 breaches related to open source code were featured in our top-10 most popular blogs:
Trends in Open Source Security
New Apache Struts Vulnerability Highlights Need for Software Composition Analysis
How to Prevent a Breach from Spring Break
Software security becomes a competitive differentiator
We’ve started to hear organizations talk about the need to use application security as a competitive differentiator. If their software is secure, and the competition’s isn’t, they’ve got an edge. In fact, we launched our Verified program last year to address this need. Increasingly, quality software means secure software, and customers now consider quality in terms of both functionality and security. Not surprisingly, this blog on the topic by our VP of Engineering Maria Loughlin garnered a lot of attention last year:
Software Quality Is a Competitive Differentiator
Security needs to expand its development knowledge
Security’s role is changing as DevOps models take hold. As security shifts left and moves into earlier phases of the development lifecycle, security teams need to work much more closely with development teams and, in turn, require more than a surface understanding of developers’ priorities and processes. This blog that outlines details of that understanding resonated with our readers this year:
Security: Here’s What You Need to Know About Development
Did you miss any of these posts last year? Don’t miss a thing in 2019; subscribe to our blog.