In this article, Jeff Williams reflects on lessons he learned while teaching application security to developers, architects and managers, and how instructors can help developers avoid making mistakes that create security risks for their companies. Check it out here:
http://www.informationweek.com/security/application-security/secure-code-starts-with-measuring-what-developers-know/d/d-id/1113154