15 June 2010

Dan Kaminsky’s antidote to SQL Injection, Cross-site scripting, and other vulnerabilities

It’s about meeting the developers halfway, and that’s mentioned, but it can’t be stressed enough. I just worry this might be used as an excuse for not writing secure code. If you tell developers they don’t have to worry about insecure code because a framework will save them, you may as well tell them they can avoid exercise and eat all the Twinkies they like because there’s a magic pill for that too.

17 November 2009

Let Agile flow by

I’ve heard the arguments for the agile development method from people all for it and people who don’t care for it, and even people who just don’t care at all. I think it all boils down to the fact that the project management style and tools really just don’t matter. Pick a methodology and stick with it. Or better yet, choose what will work in your organization and take the best parts from several of the popular “fads” — use what works. The skills of the programmers matter more than which way you want to tackle planning, meetings, and management’s visibility.
