Secure Coding During Agile Development?
I would like to ask the group for thoughts/experience with secure coding aspects while performing agile development. Within this context, secure coding is a part of software assurance that focuses on secure methods versus quality/performance (which I understand are not mutually exclusive from secure aspects). Typical agile development focuses on achieving a certain number of fully operational capabilities within the defined short development sprint. Secure coding is not necessarily a defined single capability, but rather a set of design/coding principles interwoven throughout development. Adding in agile development "secure coding" capabilities (recursive on previously developed capabilities) would appear to be bolt-on security versus baked-in security. Does the group have any thoughts or advice on this?