http://qs321.pair.com?node_id=177672


in reply to Guide to Building Secure Web Applications and Web Services

Thanks cjf, this is the bomb and will now form the basis of my new security policy. I will be fully OWASP compliant. They should offer an auditing/certification scheme to make some cash. It is possibly missing stuff on LDAP but from their future developments I look forward to the next release. The name seems slightly misleading as this stuff does not just apply to open source programming.

Re: Re: Guide to Building Secure Web Applications and Web Services
by cjf (Parson) on Jun 27, 2002 at 10:47 UTC
    This is the bomb and will now form the basis of my new security policy

    If you're writing security policies you may also find The SANS Security Policy Project helpful. They currently have 25 example policies on everything from acceptable encryption use to wireless communication.

    It is possibly missing stuff on LDAP but from their future developments I look forward to the next release.

    There's some information here about what they're planning for future releases. I'm sure they're also open to suggestions for new sections and/or expanded coverage of current sections. If anyone's interested, they don't currently have Perl listed under the upcoming language security parts either.

    The name seems slightly misleading as this stuff does not just apply to open source programming.

    I believe the 'Open' in OWASP refers to the fact they're releasing both the guide and their software under open source licenses. All the suggestions in the paper certainly apply to commercial application development as well.

    As for funding, they have a sponsorship request on the site as well.

      I am somewhat interested in helping them out with adding Perl to their supported languages. I am pretty busy though; is anyone else interested in a joint or group effort? I figure we could take a lot of information from here and from perldoc perlsec and the like. If anyone is interested, contact me at the email address listed in my perlmonks scratch pad. To see what languages they are going to do writeups on, see the Future Content section at this page.