The US Department of Homeland Security recently launched a web site called Build Security In. There are a lot of articles there about how to develop software securely. I contributed significantly to Architectural Risk Analysis, including the figures of a state diagram and a communications flow. It’s worth a read.
Architectural Risk Analysis