websecurity@lists.webappsec.org

The Web Security Mailing List

Fundamental Practices for Secure Software Development 2ND EDITION: A Guide to the Most Effective Secure Development Practices in Use Today

robert@webappsec.org
Wed, Feb 9, 2011 6:28 PM

SafeCode has released a secure development guide that is fairly decent/in depth.

"This edition of the paper prescribes new and
updated security practices that should be applied
during the Design, Programming and Testing activities
of the software development lifecycle. These
practices have been shown to be effective across
diverse development environments. While the
original also covered Training, Requirements, Code
Handling and Documentation, these areas were
given detailed treatment in SAFECode's papers on
security engineering training and software integrity
in the global supply chain, and thus we have refined
our focus in this paper to concentrate on the core
areas of design, development and testing.
The paper also contains two important, additional
sections for each listed practice that will further
increase its value to implementers - Common
Weakness Enumeration (CWE) references and
Verification guidance."

A Guide to the Most Effective Secure Development Practices in Use Today
http://www.safecode.org/publications/SAFECode_Dev_Practices0211.pdf

Regards,

- Robert Auger
WASC Co Founder/Moderator of The Web Security Mailing List
http://www.webappsec.org/
http://www.cgisecurity.com/
http://www.qasec.com/