Which of the following is a good practice regarding security concerns in a Scrum Team?

Including security concerns as Product Backlog items is a proactive and effective practice within a Scrum Team. This approach ensures that security is considered as an integral part of the product development process rather than being treated as an afterthought. By adding security-related tasks to the Product Backlog, the team can prioritize them alongside other features, ensuring that security improvements and requirements are implemented incrementally and iteratively.

Addressing security in this manner allows the team to continuously reflect on security implications during Sprint Planning, Daily Scrums, and Sprint Reviews. It promotes ongoing awareness and action regarding security throughout the development lifecycle, facilitating timely identification and mitigation of risks rather than allowing them to accumulate or surface only during audits or emergencies. This integration into the backlog also supports better alignment with the overall goals of the product, enabling teams to deliver not only functional and user-friendly products but also secure ones.