Care and Feeding of Your Security Champion

Abstract

In agile software development, adoption of security practices poses challenges, often because security activities are not prioritized, or because the practitioners are not able to see the relevance and importance of the activities to the improvement of the security in the project. In many teams, security activities can be seen as an innovation and as such, there is a need for a champion to realize these innovations in the teams. Security champions make software security possible. Even though all developers need to know a minimum of software security, every team needs someone to lean on when the ride gets rough – and that person is the security champion. In this paper we present the results of a case study with security champions and possible steps for establishing and maintaining this role in agile teams.