The report, titled Avoiding the Top 10 Software Security Design Flaws, is a 30+ page paper from IEEE’s new Center for Secure Design. It not only discusses the mistakes that are being made but, more helpfully, contains recommendations on what can be done about them, including validation of data that comes from untrusted clients, better authentication mechanisms, and better use of cryptography.
Check it out here:
http://media.scmagazine.com/documents/90/cybersecurityinitiative-online_22466.pdf