The maturity model Security Belts adds the role of the Security Champion to the Agile methodology. The Security Champion ...
- is a developer who is also part of the team.
- has profound security knowledge but is not necessarily a security expert.
- empowers the team so that they can ensure the security of their software products by themselves.
- enables the team to improve in software security and raises the importance of security within the team (developers and product owner) as well as towards management.
Security Champions must attend thorough training. They need an overview of the complete security development lifecycle (SDLC), theoretical background, practical knowledge, and the necessary soft skills to fulfill their role. Example trainings are:
- XXX - Security Champion Training
- suggestions welcome