My post for this year’s Web Advent was posted last night – Security in the Round. It’s a pretty high level look at something that’s easy for developers to forget about. To quote Bruce Schneier:

The mantra of any good security engineer is “Security is not a product, but a process.

It’s more than just designing strong cryptography into a system; it’s designing the entire system such that all security measures, including cryptography, work together.

It’s about people, networks, systems, hardware, processes….oh yeah, and the code. Don’t forget the bigger picture. I presented some about this (and other more PHP-related topics) at True North PHP, you can see the slides here.