Product Security Work
Overview coming soon.
Being able to consistently track work to be done and prioritise that backlog of work is essential for security and overall Product delivery, and Product Teams must have a system in place for this.
This framework places the responsibility with the Product Teams for scalability and to allow for the right approach to be taken for each Product Team. As this policy is the “What” and the “Who”, it doesn’t state how work should be tracked. There are many popular tools for this or you could simply have sticky notes on a whiteboard.
This objective, and the other similar ‘include’ objectives, simply state what work has to be included as part of Product Security Work. You may want to include more, but you cannot be missing any of these and still deliver a secure Product.
As the decision-maker for prioritisation of Product work, the Product Lead is accountable for ensuring that work relating to the security of the Product is done.
This means the Product Lead assigns the necessary delivery time and ensures the Product Team has the necessary capabilities to complete the work. Product management/ownership must balance the functional and non-functional aspects of Product quality to be effective, and the Product Lead is accountable for their Product’s security quality alongside the other aspects of quality.
This, and its corresponding Product Quality Metrics objective, combine to form the continuous quality improvement loop that each Product Team is responsible for and each Product Lead is accountable for.
Product Teams make informed decisions on work priority based on clear information on all aspects of their Product’s current level of quality and on clear information on how well the Product Team is delivering change. The two types of information must be considered together to ensure that no aspect of Product quality is below that required by the Product Delivery Organisation and that the Agreed Ways Of Working and Product Working Practices are not adversely affecting delivery to a level unacceptable to the Product Delivery Organisation.
This, and its corresponding Product Delivery Metrics objective, combine to form the continuous quality improvement loop that each Product Team is responsible for and each Product Lead is accountable for.