The Agile Security Manifesto

Bridging the Gap Between DevOps and InfoSec

For too long, Security has been the “Department of No.” We value:
1. Embedded Guardrails over Gatekeeper Sign-offs
Security should be automated in the pipeline, not a clipboard checklist at the end.
2. Continuous Assurance over Point-in-Time Audits
A pen test once a year proves you were secure for one day. We test continuously.
3. Risk-Based Context over Checkbox Compliance
We fix what actually matters to the business, not just what the auditor asks for.
4. Shared Responsibility over Siloed Blame
Developers are responsible for security. Security is responsible for enabling developers.