Quiz Entry - updated: 2026.06.20
How does SDL apply to Agile development methodologies?
It reclassifies SDL tasks by how often they must run rather than which phase they belong to: Every-Sprint, One-Time, and Bucket (periodic).
SDL for Agile adapts security practices to iterative development:
Requirements are defined by frequency, not phase:
- Every-Sprint (most critical) - security tasks in each sprint
- One-Time (non-repeating) - initial setup tasks
- Bucket (all others) - scheduled periodically
Benefits:
- Great for projects without end dates (like cloud services)
- Security becomes continuous, not a gate
- Adapts to changing requirements
Key difference from Waterfall SDL: Instead of sequential phases, security activities are integrated into the sprint cycle and categorized by how often they need to occur.