Rocky has posted up about an interesting feature in the MSF Agile 4.0 process template in Team Foundation Server BETA 3. The scenarios that Rocky is creating wouldn’t have necessarily fallen out of the first round of analysis of the business requirements. Someone, probably the customer would have said something like “oh, and this has to be secure too – lets not forget that”.
In Team Foundation Server (with the MSF Agile 4.0 process template) we have a special place to put these kinds of broad, non-specific requirements. It is called a Quality of Service Requirement and you would have them for security, performance and maybe even things like “Sarbanes-Oxley”. These quality of service requirements would then typically be assigned to one of the team members for them to address.
In many cases this might involve getting in specialists like Rocky to build a detailed threat-model of a piece of software and then from that produce scenarios for testers to execute to verify that a piece of software is not vulnerable.
The point is that the linking mechanism in TFS allows you to create this navigatible web of scenarios, quality of service requirements, risks, bugs and general tasks to get the work done. You manage this complex web by building queries and reports to work through things assigned to you.
At project inception I wouldn’t be surprised to see explosive growth in the number of work items being created (it helps to break them up across iterations). If you are implementing TFS mid-iteration like a team that I am working with just did, you can expect your graphs to show a vertical race as new work items are discovered and resolved almost as quick.