Just saw this on Slashdot.
Secure Interaction Design
It's a list of 10 suggested principles for secure interaction design, by Ka-Ping Yee.
Ka-Ping Yee is one of the foremost (maybe only??) experts in the field and has been involved with quite a few cool projects over the years.
I'm big on Capability Security, which Ka-Ping is quite heavily involved with as well.
The list makes a lot of sense to me and they even have some handy colorful charts you can print and paste on your cubicle wall.
Tyler Close, who I've mentioned before here, has got some interesting stuff coming in the field as well that I'm playing with now. I'll post a review fairly soon, but I can say that it's a Java-based, secure, XML-configurable SQL 2 Web Services platform, based entirely on Capability Security.
He has quite a few cool Open Source libraries for doing such applications available now.
The reason I bring up Tyler here is that Tyler and Ka-Ping have both been quite active in the development of Mark Miller's amazing E Secure P2P Scripting Language.
Many of Ka-Ping's prototypes have been hacked up in this unique language. The language and runtime are written in Java and support most Java libraries, but handle things like Crypto, Capabilities and Identity fairly transparently.
The language is still developing, but I think they've frozen the language features by now. (The mailing lists were for years full of ex-Lisp/Python etc. people discussing their favorite features.)