Some Good Ideas on Adapting Agile Dev to Security Needs

Writing in Reg Developer, Jeff Williams explains some useful routes around the waterfall mindset of traditional security analysts and the agile development methods actually in use to write code.

Short on details, and I dunno how you get from unit-level security testing to integration testing; after all, the security holes tend to lurk in the seams between systems to an even greater extent than "regular" bugs do -- but thought-provoking.