Thursday, July 5, 2012

Fitting Security into the Agile SDLC

Microsoft have some good guidance on this

http://www.microsoft.com/security/sdl/discover/sdlagile.aspx

My personal opinion on this, is that it does look good, however teams starting out with Agile processes should get the basics right first.  I've seen companies rush through Scrum implementations too many times with little or no training and change management, only to fail.  Once you have the basic Scrum process running smoothly concentrate on implementing good up front design practises, including security.