Best Practices for Secure Development may be 5 years old but the advice is still sound. "Inasmuch as a software project does not start with coding, building security into an application does not start by implementing security technologies. We will suggest an approach recommended by the existing risk management and software building practices." The paper goes on to discuss security aspects up to implementation, stopping short of security operations, controls maintenance and security aspects of end-of-life system retirement/replacement.
More secure software development links