Re: Not yet engineering
@Dave 15 "First off the standards have flaws and are usually riddled with must, should, could... so what shoulds are done. what coulds?
I didn't say ISO standards. I work on these and while some are excellent, others leave quite a lot to be desired. Tthey are all developed usning a consensus on current practice, so the adequacy of current practice determines the validity of the standards.
What I did say was "standards that have been verified themselves as sufficient. Not necessarily international standards (though that would be nice). Internal standards, if they're adequate, would do fine. However in most commercial environments where I've been called in to evaluate development practices I've found little evidence of any formal standards in use - indeed in many cases, not even recognition of OWASP.
BTW it's perfectly possible to modularise development so it's agile while still ensuring staged verification of output. Conceptually, agile is not antithetical to established engineering practice, it simply doesn't often make use of it at present. One possibility might be each sprint a little waterfall.