Blog to update security trends in GitLab-hosted projects (timeframe: October 6)

Proposal

I plan to do an update on security trends in GitLab-hosted projects.

This is a continuation of the top 6 security trends in GitLab-hosted projects post that was published in April (https://about.gitlab.com/blog/2020/04/02/security-trends-in-gitlab-hosted-projects/), which was well received.

The draft outline is:

  • How security vulnerabilities have trended since the beginning of the Secure stage, organized by CWE (Common Weakness Enumeration).
  • Trending by specific attack type (similar to the previous blog)
  • Trending by CWE and specific attack type by each scanner (SAST, DAST, Secret, Container, Dependency, Fuzzing)
  • What are the top risks and how have they changed over time?
  • How GitLab's Secure stage helps understand, manage, and remediate the risks
  • Other best practices that should be followed to reduce risk

cc @rebecca: requesting a timeframe of late September or early October, as we would like to release before the Global OWASP conference, which is Oct 19-23 (https://owasp.org/events/). Decided on October 6.

Checklist

  • If you have a specific publish date in mind (please allow 3 weeks' lead time)
    • Include it in the issue title
    • Give the issue a due date of a minimum of 2 working days prior
    • If your post is likely to be >2,000 words, give a due date of a minimum of 4 working days prior
  • If time sensitive
    • Add ~"Blog: Priority" label and supplied rationale in description
    • Mention @rebecca to give her a heads up ASAP
  • If wide-spread customer impacting or sensitive, mention @nwoods to give her a heads up ASAP, apply the sensitive label, and check the PR handbook in case you need to open an announcement request instead of a blog post issue
  • If the post is about one of GitLab's Technology Partners, including integration partners, mention @TinaS, apply the Partner Marketing label, and see the blog handbook for more on third-party posts
  • If the post is about one of GitLab's customers, mention @KimLock and @FionaOKeeffe, apply the Customer Reference Program label, and see the blog handbook for more on third-party posts
  • Indicate if supporting an event or campaign
  • Indicate if this post requires additional approval from internal or external parties before publishing (please provide details in a comment)
Edited by Wayne Haber