Pure Agile and pure Waterfall don’t occur in the real world. Instead, software development takes place on a spectrum. There are infinite variations and most real world software teams incorporate elements of Waterfall, Agile, and other methodologies into their SDLC.
Software life cycles are as unique and varied as the organizations they serve. At each organization, the security team has to fit into that SDLC and give good, competent advice within it.
Let’s say that a company adopts long release cycles with extensive documentation. This company also plans intermediate releases every three weeks. This three-week release cycle feels very agile. They may even refer to each cycle as a sprint. However, the documentation they release and formal approval process reflect a waterfall approach. It’s important to understand that these hybrid approaches aren’t wrong.
If a firm’s methodology achieves its aims as desired, then whatever approach the firm is using is working. On the other hand, if the methodology isn’t working well, it doesn’t follow that making it “more agile” or “more waterfall” will make it any better.
To standardize the software development life cycle (SDLC), organizations implement development methodologies to fulfill their objectives in a way that best suits their organizational goals. Whether you use Agile, Waterfall, or something in between, building security into your SDLC can improve efficiency and reduce costs if it’s done the right way.
Download the complete eBook to: