Nearly 20 years after the Agile Manifesto was released, similar inefficiencies still plague application security efforts in software development. Security is often seen as something separate from—and external to—software development. It’s time to change the approach to building secure software using the agile methodology.
To build secure software in an agile environment, it’s essential to focus on four principles. These principles are patterned after those in the original Agile Manifesto: While we value the things on the right, we must value the things on the left more.
The goal of the Agile Security Manifesto is to guide you as you develop new activities and adjust existing ones to make the switch to agile security. The four principles it describes are meant to inspire you to build secure software in an agile way:
- Rely on developers and testers more than security specialists.
- Secure while you work, not just after you’re done.
- Implement features securely instead of adding on security features.
- Mitigate risks rather than fixing bugs.
Learn how adding these principles to your own agile process can help you integrate critical security measures in a natural, efficient way.