
Typically there's a hierarchy of security documents/practices. You start with principles work, like in this repo. Then you look at technologies you use and start getting into specific examples.

For many platforms/services there will be security best practice sections on their sites and that's a starting point, but then as you mention even their tutorials often don't follow good practice.

The challenge for people writing standards docs is similar: new things come along all the time. How much time is available to be dedicated to writing detailed guidance?

To give one example, the CIS benchmarks that a lot of orgs use to harden their environments are written almost purely by volunteers, so keeping them updated is a tricky game.



