Towards risk-driven security requirements management in agile software development

The focus on user stories in agile means non-functional requirements, such as security, are not always explicit. This makes it hard for the development team to implement the required functionality in a reliable, secure way. Security checklists can help but they do not consider the application’s context and are not part of the product backlog.