I am thrilled that we are moving a project to Java 11. I know there are even latests versions out there, but for me it seems good achievement already.
I am working with the team to have good coverage for critical components and security is a big focus.
The challenge in software development when you start from an already established product is how to balance between security and usability.
There are many things to consider, including the GDPR regulations.
What you need to do is:
1️⃣ Identify critical users and if you can, please present them solution in advance to get their feedback.
2️⃣ Identify critical customer data and how long you must keep it and how to store it securely
3️⃣ Identify the attack surface of your application and how you can mitigate any potential attacker’s attempt.
4️⃣ Priorities all the user stories you had identified. Remember, there won’t be enough time for everything, so work incrementally.