Sorry, if that appears harsh - but sometimes it pays to read manuals and try and understand what you're doing and how the stuff works.
I don't exactly remember when I learnt it first - but I DID already know when I also got told about it during my CS BSc degree course (probably 1st or 2nd year - which would place it about 1998-2000).
If you need to code stuff "securely", you need to understand how stuff works -- I don't think of myself as a particularly apt security coder or hacker - I mainly specialise in internal systems integration, not so much web or other front-end stuff, so I have the luxury that I already know the data is "sane", before it gets to me - and I "only" need to figure out how to transform it and where to send it on to.
Here are a few pointers to where you might read about it:
"The first -- argument that is not an option-argument should be accepted as a delimiter indicating the end of options. Any following arguments should be treated as operands, even if they begin with the '-' character."
Even Wikipedia mentions it - even though not strictly a "developer" resource:
"In Unix-like systems, the ASCII hyphen-minus is commonly used to specify options. The character is usually followed by one or more letters. Two hyphen-minus characters ( -- ) often indicate that the remaining arguments should not be treated as options, which is useful for example if a file name itself begins with a hyphen, or if further arguments are meant for an inner command. Double hyphen-minuses are also sometimes used to prefix "long options" where more descriptive option names are used. This is a common feature of GNU software. The getopt function and program, and the getopts command are usually used for parsing command-line options."
If that's too far to go - try "man getopt" on your Linux machine:
The parameters getopt is called with can be divided into two parts:
options which modify the way getopt will parse (options and
-o|--options optstring in the SYNOPSIS), and the parameters which are
to be parsed (parameters in the SYNOPSIS). The second part will start
at the first non-option parameter that is not an option argument, or
after the first occurrence of `--'. If no `-o' or `--options' option
is found in the first part, the first parameter of the second part is
used as the short options string.
man rm - and even rm --help on Linux show it:
"To remove a file whose name starts with a '-', for example '-foo', use
one of these commands:
rm -- -foo
" ...though without explaining the "--" in general...
man chown doesn't mention it, but refers to the full documentation in texinfo and how to access it - that one says under "Common options"
Delimit the option list. Later arguments, if any, are treated as
operands even if they begin with `-'. For example, `sort -- -r'
reads from the file named `-r'.
The information is there - and in _lots_ of places - but it DOES require occasionally reading man pages or general intros, rather than using trial and error and just bodging around until something seems to work.
But, yes, it's a lot of material, and not everyone has the time to read everything -- for me this is also why I mostly rely on others to figure out system security issues... The problem to me seems more that a lot of "learn this in 5 mins" type tutorials don't include it purely for lack of time, and many just use those and still put the results up on the web somewhere.
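The end-of-options behaviour quoted from the man pages above, shown as an added example that is not part of the original comment: a getopts loop that stops at "--", and wrappers around sort and rm with and without the delimiter. The function names and the files "-r" and "-foo" are constructed for illustration and live in a throwaway temp directory.

```shell
#!/bin/sh
# Added example. All file names below are constructed and live in a temp dir.

# parse_args: a getopts loop. getopts stops at the first "--", so whatever
# follows it becomes an operand even if it begins with '-'.
parse_args() {
    verbose=0
    OPTIND=1
    while getopts "v" opt; do
        case "$opt" in
            v) verbose=1 ;;
            *) return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    printf 'verbose=%s operands=%s\n' "$verbose" "$*"
}

# Wrappers that forward an externally supplied name to sort(1).
sort_unguarded() { sort "$1"; }      # "-r" is parsed as the reverse option
sort_guarded()   { sort -- "$1"; }   # "-r" is the file to read

# Wrappers that delete an externally supplied name.
rm_unguarded() { rm "$1" 2>/dev/null; }   # "-foo" is parsed as options: fails
rm_guarded()   { rm -- "$1"; }            # "-foo" is the file to delete

demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        printf 'b\na\nc\n' > ./-r     # file literally named "-r"
        : > ./-foo                    # file literally named "-foo"
        parse_args -v -- -v
        printf 'y\nz\n' | sort_unguarded -r | tr '\n' ' '; echo '<- stdin, reversed'
        printf 'y\nz\n' | sort_guarded -r | tr '\n' ' '; echo '<- contents of ./-r'
        rm_unguarded -foo || echo "rm without --: refused, ./-foo still present"
        rm_guarded -foo && echo "rm with --: ./-foo removed"
    )
    rm -rf -- "$dir"
}
demo
```

Any script that passes file names it did not choose itself to another command is in the position of the unguarded wrappers here.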