This is the bomb and will now form the basis of my new security policy
If you're writing security policies you may also find The SANS Security Policy Project helpful. They currently have 25 example policies on everything from acceptable encryption use to wireless communication.
It is possibly missing stuff on LDAP but from their future developments I look forward to the next release.
There's some information here about what they're planning for future releases. I'm sure they're also open to suggestions for new sections and/or expanded coverage of current sections. If anyone's interested they don't currently have Perl listed under the upcoming language security parts either.
The name seems slightly misleading as this stuff does not just apply to open source programming.
I believe the 'Open' in OWASP refers to the fact they're releasing both the guide and their software under open source licenses. All the suggestions in the paper certainly apply to commercial application development as well.
As for funding, they have a sponsorship request on the site as well.