Managing Security Requirements in Agile Projects

Addressing security requirements from the early phases of software development is the most cost-effective way of preventing security defects. Most security requirements fall under the scope of Non-Functional Requirements (NFRs).

As many practitioners have discovered, addressing security and other NFRs in agile projects is challenging for two reasons:

  1. Mapping NFRs to feature-driven user stories is not trivial.
  2. Security controls suffer from a lack of visibility. Agile processes tend to bias development teams towards building features that visibly enhance the customer’s experience or fix defects.

This article goes into a bit more detail than usual, and could really help you see how to do this in your projects.

Click here for the full InfoQ article.