Chapter 2

Deconstructing Agile and Scrum

For purposes of context setting and terminology, we’re going to deconstruct the Agile/Scrum development methodology to discover areas in which appsec controls help in securing software in development and also help to control the development methodology itself. We’ll look at ways to use Agile to secure Agile.

Let’s revisit the overall scope of the Agile/Scrum process, shown in Figure 2.1 (originally Figure 1.1).

There’s Agile/Scrum as a formal, strict, tightly controlled process, and then there’s Agile/Scrum as it’s implemented in the real world. Implementations of Agile vary from the fundamentalist and purist views to various elements that appear as Agile-like processes, and everything in between. It’s ...
