How to work with WRT (for team leads)
Last updated
Last updated
If the metric has increased and exceeded the risk appetite:
βArrange a meeting with the team to discuss security tasks for the upcoming sprint to reduce the metric, starting with the most critical ones.
If the metric has increased but has not exceeded the risk appetite:
βPay attention to the metric and start collecting a backlog of security tasks for the upcoming planning session.
If the metric has decreased and fallen below the risk appetite:
βPlan measures to maximize the reduction of the metric. Keep striving for zero, but at this stage, you have achieved success. Otherwise, if the team is highly occupied, wait until the metric approaches a critical value.
If the metric has decreased but has not fallen below the risk appetite:
βThe team should repeat the process until the WRT has decreased.