The story is accompanied by a set of tasks to accomplish this goal, each marked with the category of team members who should work on it. One task associated with the story in the example above is directed toward developers and testers and reads: "[D/T] When generating dynamic web pages, filter the input for any browser-executable content that is not intended (for example, from user-originated fields in a database). Consider all forms of input of content that might eventually be presented to and consumed by a browser, like events generated outside the system, log messages, arguments in a URL, form field values, etc. Perform this filtering at server-side, close to use."
Depending on how much is accomplished toward that goal after the first sprint, it may remain as a task for the next one or be refined to address new issues that crop up. The task list is meant to guide Agile teams toward goals that lower the risk of vulnerabilities, without laying down a rigid set of steps that may not apply to every project.
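As an added illustration (not taken from the SAFECode document or the article), here is one way the quoted [D/T] task could look in server-side Python: each value is encoded for its output context at the point of use, whatever its source. The function names, the page layout and the http/https-only link policy are assumptions made for the example.

```python
import html
import json
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only absolute web links are intended

def html_text(value):
    """Encode for an HTML element body or a double-quoted attribute value."""
    return html.escape(str(value), quote=True)

def safe_href(url):
    """Allow only http(s) links; anything else becomes an inert '#'."""
    url = url.strip()
    scheme = urlsplit(url).scheme.lower()
    return html_text(url) if scheme in ALLOWED_SCHEMES else "#"

def js_literal(value):
    """Serialize for an inline <script> block so the value cannot close the tag."""
    out = json.dumps(value)  # ensure_ascii=True also escapes U+2028/U+2029
    for ch in "<>&":
        out = out.replace(ch, "\\u%04x" % ord(ch))
    return out

def render_profile(db_display_name, url_arg_homepage, log_message):
    # Encoding happens here, close to use, not when the data was stored,
    # so it covers database fields, URL arguments and log messages alike.
    return (
        "<h1>" + html_text(db_display_name) + "</h1>\n"
        '<a href="' + safe_href(url_arg_homepage) + '">homepage</a>\n'
        "<pre>" + html_text(log_message) + "</pre>\n"
        "<script>var lastEvent = " + js_literal(log_message) + ";</script>"
    )

# Constructed sample inputs, one per source named in the task.
SAMPLE = render_profile(
    "<script>alert(1)</script>",                                    # database field
    "javascript:alert(1)",                                          # URL argument
    'login failed for "bob" </script><img src=x onerror=alert(1)>', # log message
)

if __name__ == "__main__":
    print(SAMPLE)
```

The same log message is encoded two different ways because it lands in two different contexts (element body and inline script); a single filter applied at input time could not be correct for both.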
"Incorporating security in Agile was a challenge" for SAFECode member companies, Bonvar says. "They decided to share their experiences, what they had success doing."