Lockdown
Software Development Matrix
Dept of Cybersecurity, UMGC
CYB 670: Capstone in Cybersecurity
Professor Karl Olson
June 06, 2022
|
Software Development Methodology |
Pros and Cons |
Software Assurance Concerns |
|
Waterfall Model |
Pros: · Relies on a team to follow a sequence of steps, never moving forward until the previous phase has been completed: · Create requirements documents · System design · Implementation · Testing · Delivery and deployment · Maintenance Cons: · Makes changes difficult, since the team must follow a set of steps · No feedback path · Difficult to accommodate change requests · No overlapping of phases: This model recommends that a new phase can start only after the completion of the previous phase. But in real projects, this can’t be maintained. To increase efficiency and reduce cost, phases may overlap. |
No feedback path: In the classical waterfall model, the evolution of software from one phase to another is like a waterfall. It assumes that no error is ever committed by developers during any phase. Therefore, the software is not working until later stages in the software development lifecycle. |
|
Prototype Model |
Pros: · Flexible in design · Easy to detect errors · Find missing functionality easily · Scope of refinement, new requirements. · It can be reused by the developer for more complicated projects in the future · It ensures a greater level of customer satisfaction and comfort Cons: · The model is costly · It has poor documentation because of continuously changing customer requirements · There may be too much variation in requirements · The customer sometimes demands the actual product to be delivered soon after seeing an early prototype. · The customer may not be satisfied or interested in the product after seeing the initial prototype |
Prototypes make customers assume they are further along in the process of development than they really are. This causes developers to rush to get a product out the door, leaving steps in the process, such as security, uncompleted. |
|
Agile Software Development |
Pros: · Working through pair programming produces well-written, compact programs · It reduces the total development time of the whole project · Customer representatives get an idea of the updated software product after each iteration Cons: · The lack of formal documents creates confusion, and important decisions taken during different phases can be misinterpreted · Due to the absence of proper documentation, when the product is complete and developers are assigned to another project, maintenance of the developed project can become a problem. |
The software lifecycle allows Agile to be tailored towards cybersecurity. |
|
Rapid Application Development |
Pros: · The use of reusable components helps to reduce the cycle time of the project. · Feedback from the customer is available at the initial stages. · The use of powerful development tools results in better quality products in comparatively shorter time spans.
Cons: · The use of powerful development tools results in better quality products in comparatively shorter time spans.
|
Due to the rapid pace of Rapid Application Development (RAD) security challenges in the process. |
|
Dynamic Systems Development |
Pros: · Timely delivery of projects, with flexibility that focuses on business goals and large-scale orgs. Cons: · The significant amount of money required makes this unsuitable for smaller orgs. |
N/A |
|
Spiral Model |
Pros: · The use of powerful development tools results in better quality products in comparatively shorter time spans. · Strong approval and documentation control. Cons: · It is not suitable for small projects as it is expensive. · It is much more complex than other SDLC models. The process is complex. · Too dependent on risk analysis, and requires highly specific expertise. · Difficulty in time management. As the number of phases is unknown at the start of the project, time estimation is very difficult. · It is not suitable for low-risk projects. · It may be hard to define objective, verifiable milestones. Large numbers of intermediate stages require excessive documentation. |
The model does not have security as a process in any of the steps. It requires a significant amount of expertise. |
|
Extreme Programming |
Pros: · Time-saving, cost-saving, simplicity, visibility Cons: · The focus is on code review instead of design and customer, quality assurance. |
The software life cycle is not tailored to support security engineering challenges and focuses more on speed than security. |
|
Feature-Driven Development |
Pros: · Good with features, bigger scale projects, uses the top known development practices Cons: · Not used by smaller teams, requires extremely competent leadership, and has minimal documentation. |
Mistakes are made in the phases of feature-driven development that will be costly in the long run. |
|
Joint Application Development |
Pros: · Produces a design from the customer’s perspective. · Teamwork between company and client helps to remove all risks. · Due to close interaction, progress is faster. · JAD helps to accelerate design and also to enhance quality. · JAD encourages the team to push each other, which leads them to work faster and also to deliver on time. Cons: · Sometimes opinions among the team members may differ, which makes it difficult to align goals and maintain focus. · Depending on the size of the product, people in JAD may have to spend a significant amount of time.
|
N/A |
|
Lean Development |
Pros: · LSD removes the unnecessary process stages when designing software so that it acts as a time saver and simplifies the development process.
Cons: |
N/A |
|
Rational Unified Process |
Pros: · Flexible, focuses on requirements and documentation, reuses components of the project. Cons: · Could have lots of failures and is difficult to implement, with no end date in sight. |
N/A |
|
Scrum Development |
Pros: · Scrum framework is fast-moving and money efficient. · Scrum framework is not a fully described model. If you want to adopt it you need to fill in the framework with your own details like Extreme Programming (XP), Kanban, and DSDM. · The daily Scrum meetings and frequent reviews require substantial resources. Cons: · Scrum framework does not allow changes into their sprint · Scrum framework is not a fully described model. · It can be difficult for Scrum to plan, structure, and organize a project that lacks a clear definition.
|
Scrum is tailored to security requirements. |
https://www.geeksforgeeks.org/scrum-software-development/?ref=gcse