The purpose of this guide is to discuss industry-accepted secure development practices as applied specifically to the open source context. While many references and documents are freely available on the internet, this guide focuses on secure application design and on secure development processes and practices.
This guide is divided into two parts. The first part deals with secure development processes and practices, while the second part deals with secure coding practices (previously called the Fedora Defensive Coding Guide).
All types of contributions to this document are welcome. PRs are preferable. For larger changes, it would perhaps make more sense to discuss them before filing change requests.