Andrew van der Stock has started providing more details about a proposed security architecture for PHP, beginning with the SABSA (Sherwood Applied Business Security Architecture) approach. This approach is broken down into layers:

• Contextual
• Conceptual
• Logical
• Physical
• Component

He describes each of these layers and how they relate to PHP, and he also hints that more details are coming:

In the next installment, I'll start enumerating the current risks and identifying business drivers.