In this new post Snipe looks at something that we, as web developers, don't seem to think about too much when designing our applications and architectures - risk (and how to manage it).
When I talk about risk as it relates to web applications, people usually assume I'm talking about hardening applications from hackers, spammers and other ne'er-do-wells. While malicious attacks are absolutely a non-trivial part of risk management, there's a lot more to it that's just as important.
She introduces some of the basic concepts behind risk management, specifically as it relates to web applications. She points out that it's not always an external threat you'll need to worry about either. Sometimes its your own development group that introduces bugs or something that makes the system come to a crashing halt. She recommends starting all projects "risk first" and include it into your planning process. She shows how to create a "risk matrix" to get insight into the problem and the data that should be on it.
Finally, she reminds you of a few good rules (including "keep your systems simple") and that analyzing risk doesn't have to be a boring process. Figuring out where things will break, how to break them and what happens when they do can be an interesting process.