The correct answer is including security testing as part of the definition of "done" for each user story. This approach ensures that security is considered and verified continuously throughout development, rather than being deferred until later. It embeds security into the regular workflow of each feature development, making security a shared responsibility of the development team.
Conducting a comprehensive security audit at the end of each major release delays security testing, which contradicts Agile principles of continuous integration and delivery. Finding security issues at this late stage is more expensive to fix.
Having a dedicated security sprint after every three development sprints creates a gap between development and security testing, allowing security issues to accumulate. This approach doesn't align with Agile principles of delivering potentially shippable increments in each sprint.
**Assigning all security testing to a specialized team that works separately **creates a siloed approach to security. This contradicts the Agile principle of cross-functional teams and can lead to delays and communication gaps.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does it mean to include security testing as part of the definition of 'done' in Agile?
Open an interactive chat with Bash
Why is continuous security testing preferable to conducting a comprehensive security audit at the end of a release?
Open an interactive chat with Bash
What are the risks of having a dedicated security sprint after several development sprints?
Open an interactive chat with Bash
ISC2 CISSP
Software Development Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access