Secure Software Development — OSS SSD Guide

By Tim Hemel, from Secure Software, an NGI0 partner:

https://www.securesoftware.org/ossssd/

This guide takes you through the world of software security and discusses what you can do in your open source software project to produce more secure software. Better still, you can be open and transparent about the security of your project, which makes it easier for people to verify whether the software’s security matches their needs, or encourages them to adapt the software to different security needs. Making security visible will help the world to use software that is more secure.

This guide will not tell you how to deal with specific vulnerabilities or security problems. For that, plenty of books and web sites exist. Instead, we will focus on security practices that you can integrate into your development process. So let’s get started!