Software Development Life Cycle

What is the Software Development Life Cycle (SDLC)?

The Software Development Life Cycle (SDLC) is a framework that defines activities performed throughout the software development process.

The SDLC consists of six phases:

  1. Analysis. This is the first phase of any SDLC model. The project objective is determined during this phase. The client and company developing the software decide if they should keep the existing system as is, if changes are necessary, or if there is a need for new software. In the event that there is a need for new software, an estimate of resources (e.g., people, cost, etc.) is established during this phase. This information is then assembled into a project plan and submitted for management approval.

  2. Requirement Gathering. The stakeholders, system users, and developers meet during this phase to decide the requirements of the application they are building. The goal of this phase is for everyone to understand each software requirement and the scope of work. Questions that require answers during this phase include:
  • Who will use the system?
  • How will they use the system?
  • What will the input be for the system?
  • What will the output be for the system?

Next, a software requirement specification (SRS) document is created. This SRS document serves as the guideline for the next phase.

  3. Design. Crafting a high-level design of the software build is the primary objective of the third SDLC phase. Decisions are made about hardware and software required to build the product, in addition to the system architecture. Engineers produce metadata and data dictionaries, logical diagrams, data-flow diagrams, and pseudocode (when applicable). A design specification document (DSD) records this information.

  4. Development. Within this phase, engineers code the software as per the established requirements and design. The front end, back end, and the connection between the two are created during what is often the longest phase of the SDLC.

  5. Testing. The testing phase ensures that the software requirements are in place and that the software works as expected. In the event that a defect is identified, testers inform the developers. If the defect is valid, developers resolve it and create a new version of the software, which then repeats the testing phase. The cycle continues until all defects are mitigated and the software is ready for deployment into the production environment.

  6. Deployment and Maintenance. Once there are no issues present within the software, it is deployed into the production environment. At this point, customers test the software (also known as beta testing). Any bugs identified within this phase go to the engineering team for resolution. The final deployment takes place once all bugs are resolved. Once the software moves into production, the maintenance team monitors the software’s performance and continuously evaluates it. If there are any issues in production, the team works to mitigate them immediately.

What are the top SDLC methodologies in use today?

The Waterfall Methodology.

Waterfall is the oldest, simplest, and most structured SDLC methodology. Each phase depends on the outcome of the previous phase and runs sequentially.

Advantages of the Waterfall Methodology. This model provides discipline and gives a tangible output at the end of each phase. Once the scope is defined, establishing and managing a timeline is straightforward.

Disadvantages of the Waterfall Methodology. This model doesn’t work well when flexibility is a requirement. There is little room for change once a phase is deemed complete. Changes made in the scope can impact cost, time, and quality of the software. Additionally, if tasks aren’t carried out properly in each stage, or if new tasks require attention at a later stage, the entire project is severely impacted.

The Agile Methodology.

The Agile model is widely considered to be a realistic approach for development. It is an interactive approach in which the various phases operate in parallel. Most notably, Agile provides a working product quickly by breaking the product into cycles.

Advantages of the Agile Methodology. The Agile model emphasizes interaction as customers, developers, and testers coordinate throughout the project. Due to the model’s interactive nature, changes are easily brought into the process. It’s a transparent approach for tracing progress. Additionally, each iteration provides helpful feedback on the product.

Disadvantages of the Agile Methodology. Clear and thorough foundational requirements about product direction are critical. If the foundational requirements change often, planning becomes complicated and the project can go awry. Team members must be highly cross-skilled since core teams are often small. Team members must also be up-skilled on the chosen Agile framework.

Other SDLC models include the V-shaped model, the iterative model, and the spiral model. These are variations of the Waterfall and Agile models with similar advantages and disadvantages.

What is the Secure Software Development Life Cycle (SSDLC)?

In the past, the common practice was to perform security-related activities only during testing. This after-the-fact technique often results in a high number of issues discovered too late (or not at all). It’s a far better practice to integrate security activities across the SDLC. This helps discover and reduce vulnerabilities early, effectively building security in.

It is in this spirit that the concept of the Secure SDLC (SSDLC) arises. The SSDLC process ensures that security assurance activities (e.g., penetration testing, code review, and architecture analysis) are an integral part of the development effort.

Generally speaking, the SSDLC is set up by implementing security-related activities within an existing development process. Examples include writing security requirements in coordination with the collection of functional requirements, or performing an architecture risk analysis during the design phase of the SDLC.

There are multiple SSDLC models in existence. Examples include:

  • MS Security Development Lifecycle (MS SDL): One of the first of its kind, the MS SDL was proposed by Microsoft in association with the phases of a classic SDLC.
  • NIST 800-64: Provides security considerations within the SDLC. Standards were developed by the National Institute of Standards and Technology for US federal agencies.

What are some key SSDLC advantages?

The primary advantages of pursuing an SSDLC approach include:

  • More secure software due to the fact that security is a continuous concern.
  • Stakeholder awareness of security considerations.
  • Early flaw detection in the system.
  • Cost reduction as a result of early detection and resolution of issues.
  • Overall reduction of intrinsic business risks for the organization.