members can regularly collaborate with those in similar roles on other teams on progress, designs, dependencies, issues, and resources. This approach focuses on an integrated government-contractor release development teams should work to the same release and sprint structure to manage scope, schedules, and dependencies. As more programs adopt Agile practices, future programs can leverage an increased knowledge of user stories to teams. Release planning activities also track risks and manage inter-team dependencies if using a multi-team approach. Going into release planning, the release team and development

behavior, and other elements. Testing from the outside-in 3. Dependency Scanning – inventory the dependencies for vulnerabilities or malicious binaries 4. Source code integrity and code signing – all contributors our business logic. We inherit the vulnerabilities of these 3rd party components ii. Examine dependencies for known vulnerabilities and consolidate multiple versions of the same library iii. 2014 Verizon

iii. Everything, everything, everything is checked into version control 1. Application code & dependencies 2. Environment scripts & creation tools 3. DB scripts and reference data 4. Containers 5. build & tests to run all time, independent of developers 2. Segregated processes so we know the dependencies – eliminates “worked on my machine” 3. Package the application to enable repeatable installation