The SAFECode organisation has just refreshed their whitepaper: Fundamental Practices for Secure Software Development. It covers a broad range of security topics with brief overviews and best practice. Each section then includes pointers to related tools and resources. I recommend it highly.
I got the link through Microsoft’s Security Development Lifecycle (SDL) website.