cwe/sans top 25 software errors report is released

The 2011 CWE/SANS Top 25 Most Dangerous Software Errors report has been released to the public. [PDF version here]

This may be a carry-over from previous years, but I like the actual advice given for each item, even if I feel the description is lacking. Part of this is because of the modular design of the document: even if you grab the PDF version to take offline, you can't click the links in the PDF file to get to the online definitions of the items. I understand, but dislike that choice.

I also really like the “Monster Mitigations” on page 35, which give the general high-level advice for framing your security posture.