Definition of done, ready — and security

We all do some kind of agile software development these days. While people may argue over the benefits, a large number of software development houses are transforming themselves to “go agile”. These transformation periods are generally chaotic, and it can be difficult to follow an organisation’s security policy while adopting agile.

In this post I will explain how some (not all) security requirements can become part of the Definition of Done as well as the Definition of Ready.