The golden era of application security has arrived, with assessment tools and good literature making knowledge more accessible. To make the most of this era, companies should focus on three key areas: setting clear security requirements, embedding a security champion into development teams, and building credibility with developers to create trust. Clearing the way for learning by defining what application security is will help developers understand their role in it. By making development teams self-sufficient with a security champion, teams can become more proactive in securing their applications. Finally, building credibility with developers to create trust is crucial, as many developers are passionate about good quality and want to do the right thing, but often lack mutual understanding with information security professionals.