Language agnostic secure coding guidelines/standards?

[peter.werner at gmail.com (Pete Werner)]

Hi all

I've been tasked with developing a secure coding standard for my
employer. This will be a policy tool used to get developers to fix
issues in their code after an audit, and also hopefully be of use to
developers as they work to ensure they are compliant. The kicker is it
needs to cover things ranging from cobol running on a mainframe, in
house network monitoring software in c and perl through to web and
desktop applications in java or .net.

I've been doing some searching to see if there is anything similar
online, but everything i've found is mostly focussed on web
applications or language/platform specific. Does anyone know of
something that may be what I'm looking for?

It's basically going to be a checklist where every item will be
something that can be audited, and the things that aren't relevant to
a given application can be ignored. The broad sections I have so far
are:

Input/Output handling
Session Control and Management
Memory allocation and Management
Authentication Management
Authorisation Management
Data Protection
Logging and Auditing
Application Errors and Exceptions

Thanks in advance
Pete