Lightweight threat modeling and mitigation: integrating security into agile development
Security engineering is commonly perceived as cumbersome, documentation-heavy and, at best, a necessary evil for agile, fast-moving development teams. We will present a lightweight threat modeling and mitigation method tailored for an agile software development organization. Our presentation will cover the state of the art in prior proposals for including security engineering activities in agile development processes. We will then present the minimum of security engineering to be included in the Scrum process and highlight the real-world experience gained so far.