Now-a-days, the use of agile software development methods like scrum is common in industry and academia. Considering the current attacking landscape, it is clear that developing secure software should be a main concern in all software development projects. In traditional software projects, security issues require detailed planning in an initial planning phase, typically resulting in a detailed security analysis (e.g., threat and risk analysis), a security architecture and instructions for security implementation (e.g., specification of key sizes and cryptographic algorithms to use). Agile software development methods like scrum are known for reducing the initial planning phases (e.g., sprint 0 in scrums) and for focusing more on producing running code. Scrum is also known for allowing fast adaption of the emerging software to changes of customer wishes.