Comment Re:Terrible coding standards (Score 1) 430
Security is somewhat at the developer level, but usually only in a few cases where the software really is security related and gets properly audited before release. Those kinds of software projects are far and few between and even then the documentation is still lacking. Even then that's easier because the people doing the auditing are themselves coders. Documentation requires a whole different skill set (see Word Crimes by Weird Al) that is not always held by coders.
For most other apps, security rests at the system level and is thus outside the scope of what the developers are working on. In some cases the compiler will alert them to common problems.
The best kind of documentation you're going to get for now is really what we have now - some combination of end users writing on their blog, posts to stackexchange, or threads in mailing lists. And some of those may or may not apply to the code that's currently in use.
Longer term, there's things like what synfig does by crowdfunding development efforts including documentation and training. This has a lot of potential, but can quickly get expensive for end users.