Security Development Lifecycle Agile (SDL)

Perhaps the greatest challenge in Agile development methods is producing secure code within a sprint. Microsoft developed the Security Development Lifecycle with a waterfall development methodology in mind. So what do you do in a Scrum environment? One solution might be to take all the SDL requirements and put them into the product backlog, then pull them into the active queue (aka the sprint backlog, if you're using Scrum) just like any other user story. Another approach is to complete the entire SDL in every iteration. Each iteration would then provide secured functionality once the SDL requirements have been completed. However, a …