A short while ago I mentioned this blog to someone who read through the posts and then came back, saying: "Nice ideas, but did you actually implement any of this?"
Here's the answer: at work, we've managed to implement all or most of the ideas in these topics:
Code review tools and techniques
Application security for big web apps
Changing security culture