An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market. However, some staff within the security team have contended that Agile development is not secure. Which of the following is the MOST accurate statement?
A . Agile and Waterfall approaches have the same effective level of security posture. They both need similar amounts of security effort at the same phases of development.
B . Agile development is fundamentally less secure than Waterfall due to the lack of formal up-front design and inability to perform security reviews.
C . Agile development is more secure than Waterfall as it is a more modern methodology which has the advantage of having been able to incorporate security best practices of recent years.
D . Agile development has different phases and timings compared to Waterfall. Security activities need to be adapted and performed within relevant Agile phases.
Answer: D