I wrote an article about some of the failures in wallet randomness we've seen in the past 12 months:
https://medium.com/@octskyward/type-safety-and-rngs-40e3ec71ab3a
It's a 6 minute read, but the tl;dr summary is:
1) Find ways to make the type systems you are working with stronger, either through better tools or better languages
2) Try and get entropy as directly from the kernel as possible, bypassing userspace RNGs
I should practice what I preach - bitcoinj could be upgraded to use the Checker Framework for stricter type checking, and we currently only bypass the userspace RNG when Android is detected. I'll be looking at ways to make things stricter and more direct next year.
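
An added illustration of the two summary points, not code from bitcoinj or the linked article: a wrapper type that can only be constructed from bytes read directly from the kernel, so a key generator that demands this type cannot be handed a plain `byte[]` or a userspace RNG's output. The class and method names are hypothetical, and a Unix-like system exposing `/dev/urandom` is assumed.

```java
import java.io.DataInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.Arrays;

// Hypothetical names throughout; assumes a Unix-like OS exposing /dev/urandom.
public final class KernelEntropy {
    private final byte[] bytes;

    // Private: the only way to obtain an instance is read(), so the type
    // itself records where the bytes came from.
    private KernelEntropy(byte[] bytes) {
        this.bytes = bytes;
    }

    /** Reads exactly n bytes from the kernel or throws; never returns a short buffer. */
    public static KernelEntropy read(int n) throws IOException {
        if (n <= 0) throw new IllegalArgumentException("n must be positive");
        byte[] buf = new byte[n];
        // FileInputStream is unbuffered, so only n bytes are pulled from the device.
        try (DataInputStream in = new DataInputStream(new FileInputStream("/dev/urandom"))) {
            in.readFully(buf); // loops over short reads; EOFException if the source ends early
        }
        return new KernelEntropy(buf);
    }

    public byte[] toByteArray() {
        return bytes.clone(); // defensive copy, callers cannot alter the stored bytes
    }

    public int length() {
        return bytes.length;
    }

    // Stand-in for a key or nonce generator: it cannot be called with a plain
    // byte[] or an int, so passing some other source of bytes fails to compile.
    static byte[] newSecret(KernelEntropy seed) {
        if (seed.length() < 32) throw new IllegalArgumentException("need at least 32 bytes");
        return Arrays.copyOf(seed.toByteArray(), 32);
    }

    public static void main(String[] args) throws IOException {
        byte[] secret = newSecret(KernelEntropy.read(32));
        System.out.println("got " + secret.length + " bytes from the kernel");
    }
}
```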