... at least in the opinion of two companies, one that treats software security more and more seriously (Microsoft) and one that lives off software (in)security (Matasano Chargen):
Here's an interesting series of articles from Microsoft
Here's a much shorter article from Matasano