A short while ago I mentioned this blog to someone who read through the posts and then came back, saying: "Nice ideas, but did you actually implement any of this?"
Here's what we've managed to implement at work, which is all or most of the ideas in these topics:
Code review tools and techniques
http://www.surrendercontrol.com/2013/05/crutches-and-static-code-analysis.html
http://www.surrendercontrol.com/2012/12/focused-code-reviews-followup.html
Application security for big web apps
http://www.surrendercontrol.com/2012/11/modern-web-application-security.html
Changing security culture
http://www.surrendercontrol.com/2012/12/changing-things-when-change-is-hard.html