This is the bomb and will now form the basis of my new security policy. I will be fully OWASP compliant. They should offer an auditing/certification scheme to make some cash. It is possibly missing stuff on LDAP, but from their future developments I look forward to the next release. The name seems slightly misleading, as this stuff does not just apply to open source programming.
in reply to Guide to Building Secure Web Applications and Web Services