The UK Government Digital Service says that agile methods can work for government systems, as long as security is embedded into the development process, according to UK Authority.
GDS team member Michael Brunton-Small explained at a security conference that compromises can exist between traditional security approaches and the more open, agile way of working.
[S]ystems that are simpler are easier to understand and secure, he advises: “It’s the role of security teams to make it easy for product teams to choose the secure option. For example, security teams can provide libraries for identification or authentication, or patterns on how to configure software.”
Read the full article: Agile doesn’t mean ‘insecure’ | UK Authority