When it comes to personal security best practices, there are some pieces of advice that are universally good ideas:

Hackers continue to use new techniques to wreak havoc on software applications and get access to sensitive data. The most effective way to reduce broad-scale application security risk is to conduct threat modeling...

While I realize that the reason DREAD has withstood the test of time is due to it's simplicity and clarity, I think that accuracy and a clear "you need to do something now" is essential.

DREAD has withstood the test of time is due to its simplicity and clarity. If you make things too heavyweight, people are less likely to use it. Also, when classification systems are too granular, more time is spent...

What's the single most impactful step you can take to improve the security of your applications and your application development process?