Feedback from ETAS
• Agile Egg restricted to ETS rather than end-to-end lifecycle
• Roles for Architects and Security not included in Agile Egg definition
• Need to be involved in project initiation phase before budget is fixed
  – Hard to find out when new projects start – late involvement leads to rework
  – Uncosted security requirements end up competing with business functionality
  – Projects have gone live without security and need patching later due to lack of budget and late involvement of Security team
• Not involved in risk analysis at project start – sometimes risk analysis does not happen at all
• Agile has been used as an excuse by ETS not to produce documentation so now it is harder to find out the current system design
• Influx of new developers/partners still building up understanding of Egg code-base and architecture
  – can cause more work for Security team
  – not aware of existing architectural conventions