How secure software development works in the real world
Pure Agile and pure Waterfall don’t occur in the real world. Instead, software development takes place on a spectrum. There are infinite variations and most real world software teams incorporate elements of Waterfall, Agile, and other methodologies into their SDLC.
Software life cycles are as unique and varied as the organizations they serve. At each organization, security has to fit into that SDLC and give good, competent advice.
The SDLC in action
Let’s say that a company adopts long release cycles with extensive documentation. This company also plans intermediate releases every three weeks. This three-week release cycle feels very agile. They may even refer to each cycle as a sprint. However, the documentation they release and formal approval process reflect a waterfall approach. It’s important to understand that these hybrid approaches aren’t wrong.
If a firm’s methodology achieves its aims as desired, then whatever approach they’re using is working, whatever that might be. On the other hand, if the methodology isn’t working well, then it’s not necessarily true that making it “more agile” or “more waterfall” will make it any better.
The secure software development essentials
To standardize the software development life cycle (SDLC), organizations implement development methodologies to fulfill their objectives in a way that best suits their organizational goals. Whether you use Agile, Waterfall, or something in between, building security into your SDLC can improve efficiency and reduce costs if it’s done the right way.
Download the complete eBook to:
- Learn how to add security to the various phases of your SDLC
- Understand how secure software development works in theory and in the real world
- Examine how to implement security activities with purpose
- See how to get started
