Understand Every Project's Risks

It is essential that every developer and manager know what risk game they are playing. To fully know the risks, you must learn the answers to the following questions:

• what is the worst-case scenario for the application?
• what are you defending, and from whom?
• what is your incident response plan?

Always take advantage of cases when you are not under attack, and you have some time to address these issues.

(from SecDevOps Risk Workflow book, please provide feedback as an GitHub issue)