Now when James McGovern repeats his question of "when will Oracle show how to write secure code" we can point him to this post :).
First - make sure to read and check-back with Oracle Secure Technology Center.This is basically one-stop place for all of our security information. Oracle covers everything from OS to applications. And this location covers that breadth with links to deeper-dives.
Second - our Chief Security Officer Mary Ann Davidson has been trying to get developer education ecosystem (e.g. CS programs and their cousins) to do a better job of teaching secure coding. I believe she articulated the problem very well in her post - "The Supply Chain Problem".
Third - read this book (Mary Ann Davidson recommends it in her Supply Chain Problem) - Foundations of Security: What Every Programmer Needs to Know.
Fourth - if you do anything with the database- David Knox's Effective Oracle Database 10g Security by Design is still the go-to resource. It's book #2 on my tech shelf- after my own (me being first is mostly a vanity thing :)).
As an addendum - if you are writing code in ADF you should check out the new tutorial based on the new demo application - "Fusion Order Demo" . Besides learning all of the cool things ADF/JDev bring to the table - Chapter 28 covers how to leverage the external security framework. I hope to be able to use this application to demonstrate more of our capabilities - in particular OVD/IGF but possibly others too.
