If you're in trouble and cannot find an answer to a question which goes beyond Stack Overflow...
If you have a not-so-usual solution for your problems but need to justify it to your boss...
If you like to think on your own rather than blindly follow "common wisdom" and "profound truth"...
...then 'No Bugs' Hare on Soft.ware might be the right place for you.
Your mileage may vary. Batteries not included

This category is dedicated to security best practices when applied to software development.
While we cannot provide a comprehensive list (yet), we are planning to keep expanding it.

Security Best Practices, page 1:

Direct Payment Processing. Recovery from ‘Unknown’ Transaction Status. PCI DSS.

Quote: “With the Direct Processing, customer should trust us (the merchant) with their details”
Another Quote: “On the other hand, most of PCI DSS requirements make perfect sense regardless of formal compliance”

Random Number Generation

Quote: “even if your RNG is statistically perfect, people will still complain 🙁 “
Another Quote: “On modern x86 CPUs, single core can generate 150M+ random bytes/second this way (and this is a Damn Lot).”

UDP for games – security (encryption and DDoS protection)

Quote: “Yes, you DO need to encrypt your UDP traffic. And no, using UDP is NOT a valid excuse to skip encryption”
Another Quote: “Personally, I prefer to think of it as of insurance – when I’m paying my premiums in hope that my money will go to waste.”