The organization is moving from a waterfall to an agile software development methodology, so the software security group must adapt the security development life cycle as well. They have decided to break out security requirements and deliverables to fit better in the iterative life cycle by defining every-sprint requirements, one-time requirements, bucket requirements, and final security review requirements. Which type of requirement states that the team must identify primary security and privacy contacts?
Correct Answer: B
Bucket requirements are ongoing requirements that do not need to be addressed every sprint but must be completed before project completion. Identifying primary security and privacy contacts is a bucket requirement because it is a one-time, essential task that supports security governance throughout the project lifecycle. Every-sprint requirements (D) are repeated tasks for each sprint, one-time requirements (C) are tasks performed once usually early in the project, and final security review (B) occurs at project end. Agile SDL adaptation recommendations by Microsoft SDL and OWASP emphasize categorizing security tasks to fit iterative delivery, with bucket requirements ensuring important but non-iterative activities are not overlooked.

References: Microsoft SDL Agile Adaptation Guidelines; OWASP Secure SDLC in Agile; NIST SP 800-64: Security Considerations in Agile Development