For several years, people have been talking about security patterns, writing a few of them, and trying to organize larger efforts. One of the things I enjoyed about this PLoP was the discussions about security patterns, because it appears that things are finally taking off.
The OpenGroup has an on-line book of security patterns. Bob Blakley is the one I always talk to about it.
There is a big writing project at SecurityPatterns.org. They have a lot of patterns written, but they need to be polished. They need reviewers, so if you want to be a part of something big, ask to be on their reviewer list. You don't have to be an expert to be a reviewer. Authors need to have some reviewers who are average readers and who can tell the authors when the writing is not clear enough. Experts are also necessary, of course. Experts can say where the authors left things out, but experts tend to skip the examples and so don't notice the little glitches that always occur. Those glitches are most likely to be found by someone who doesn't know the material and is trying hard to learn it by studying every detail.
There is a group at Sun called CoreSecurityPatterns. They have an outline of their patterns but so far haven't published much. I haven't talked to them, but perhaps it would be possible to become a reviewer for them, too.
Although I am not a security expert, I have written my first security paper! "The Security Architecture of qmail" (number 20 on the list of PLoP papers) describes qmail in terms of a sequence of patterns. Many of these are not security patterns, but the patterns that make up the core of qmail are. The architecture of qmail not only allows it to be much more secure than sendmail, but a lot smaller and even a little faster. Often increasing security makes a system more complex and slower. qmail shows that this does not have to happen.