I ask here because I don't want to pollute tech@. You talked about those dangerous idioms; is all that knowledge collected anywhere? Even though I know a lot of secure coding practices, I think that would be interesting to read.
And a question comes to my mind: are there attempts to use this knowledge in tooling? Something like using a secure version of the language, like some C dialect that is compiled source-to-source to standard, portable C, or some scripts that automatically audit code?