The Agile Manifesto was created in 2001 to provide an alternative to document-heavy software development practices. Now we’ve created our own set of principles to complement the Agile Manifesto by addressing similar inefficiencies plaguing application security. These four principles are meant to guide and inspire us to build secure software in an agile way.
- Rely on developers and testers more than security specialists.
- Secure while we work more than after we’re done.
- Implement features securely more than adding on security features.
- Mitigate risks more than fix bugs.