[icebraining]

Deadline-driven development? At least for security, that sounds like a dangerous approach. What if something that's not the first priority but is still important doesn't make the cut? Likewise, should you be adding non-important features that will increase your maintenance burden just because you have free time to write them?

[mistermann]

> Deadline-driven development? At least for security, that sounds like a dangerous approach.

This is a valid opinion, but management better be privy to these discussions. I've interacted with technical teams who believe their technical opinions and decisions were completely not the business of the people who were signing their checks. Actually, even a subset of management being privy to the conversations isn't always enough - unless there's a good reason, I'd advocate for the details of conversations and especially differences of opinions to be publicly available to most anyone within an organization.

[mattLummus]

I think this is an important point. Culture plays a huge part in the decision making process. Good security generally starts from an organizational acknowledgement that security is important. Everyone has deadlines and budgets so you must actively prioritize what will actually make the cut.