Don't be shy about contributing, please!
First of all, some links:
- Open Web Application Security Project (OWASP) http://www.owasp.org/index.php/Main_Page Very active, even developing automated test solutions and such. Tons of list serves and such.
- Web Application Security Consortium (WASC): http://www.webappsec.org/ Not all that active, it appears, but there's some interesting info.