Managing Security Requirements in Agile Projects
Addressing security requirements from the early phases of software development is the most cost-effective way of preventing security defects. Most security requirements fall under the scope of Non-Functional Requirements (NFRs).
As many practitioners have discovered, addressing security and other NFRs in agile projects is challenging for two reasons:
- Mapping NFRs to feature-driven user stories is not trivial.
- Security controls suffer from a lack of visibility. Agile processes tend to bias development teams towards building features that visibly enhance the customer’s experience or fix defects.
This article goes into a bit more detail than usual, and could really help you see how to do this in your projects.