Which organization offers a vast library of guidance on secure coding practices, including topics like input validation, output encoding, and authentication management?

The Open Web Application Security Project (OWASP) is recognized for its comprehensive resources on secure coding practices. It focuses on providing developers and organizations with a wealth of knowledge about various security topics, including input validation, output encoding, and authentication management. OWASP's guidelines are specifically tailored to improve software security and help mitigate vulnerabilities that can arise during the software development lifecycle.

The organization creates and maintains resources like the OWASP Top Ten, which identifies the most critical security risks to web applications, along with detailed documentation that offers best practices for addressing these issues. This makes OWASP the go-to source for developers seeking to implement secure coding standards and practices effectively.

In contrast, other organizations mentioned, like NIST, COBIT, and the Carnegie-Mellon Software Engineering Institute, primarily focus on broader security frameworks, governance, or software engineering practices and do not specialize in secure coding guidance to the same extent as OWASP.