Post: drop "agile", think "iterative"
Posted Wednesday 28th May 2008 09:20 GMT
In Too much code, too few application security specialists
The problem that agile, or iterative, development solves is validation of design quality. Planning big is known for notoriously missing small details, and this is exactly where security vulnerabilities are. What iterative development does well is to validate design, stage by stage (or feature by feature), by the quality of the code implementing it. It is a rule that I learned that poor design always yields poor code, yet no one can prepare a perfect design upfront. In iterative development there is a feedback loop from code to design (which is not possible in the traditional waterfall model) which allows the design to mature before the product is completed, as well as avoiding insecure code by refining the design. Two kinds of people (both difficult to come by) are required: coders good enough to recognize and oppose bad code, as well as designers humble enough to take and act on input received from coders. In agile these two roles are often combined (coders are also designers), and it works rather well, but is not required.
