Software Development Life Cycle: Finding a Model That Works
Table of Contents
Waterfall. Agile. Scrum. Kanban. Lean.
These words are often thrown around when talking about the software development life cycle (SDLC), but what do they mean and how do they relate to each other? In this blog, we’ll take a look at the evolution of the software development life cycle and consider several current trends, including the integration of application security into the software development process.
What is the software development life cycle?
The application lifecycle management is a software engineering process used to design, develop, test, and deploy software. Each phase of the SDLC is designed to give companies control over their software development with predictable deliverables and visibility into budgets and deadlines. The goal of adopting an SDLC model is to produce high-quality software at a lower cost in an efficient and productive manner.
Currently, the most common SDLC models used in software development include waterfall and agile-based methodologies.
Waterfall software development
The waterfall model was the first process model adopted to manage software development. Introduced in the early 1970s, waterfall follows a linear-sequential development cycle, where each phase is discrete and begins only when the previous phase is completed. In this model, which came from manufacturing and construction industries, progress flows from the top to the bottom much like a cascading waterfall.
Winston Royce, often credited as the creator of the waterfall model for software engineering, identified the following SDLC phases:
- Requirements. The first step in waterfall is gathering all the customer requirements up front. This is the only stage that involves customers until the software is delivered.
- Design. This is the software architecture stage and includes both logical and physical design.
- Implementation. In this stage, developers produce and test code based on the specifications from the design stage.
- Verification. Software is released to customers who review the product to make sure it meets the project’s requirements.
- Maintenance. The product is maintained. Any bugs or security vulnerabilities are fixed as necessary.
Under the traditional waterfall model, the average time between releases is one to two years, regardless of the size of the release. Think back to the pre-SaaS Excel days when major updates meant a complete reimagining of the product and occurred only every two years.
The waterfall model provides a centralized and standardized approach to software development that is easy to manage. Unfortunately, it’s not nimble or responsive to changing customer demands because product changes are too costly once the team moves past the design phase.
Agile software development
In 2001, the Agile Manifesto was published, and the software development life cycle was upended. Not technically a framework or methodology, the Agile Manifesto is a set of 12 guiding principles focused on leadership, teamwork, and customer satisfaction. Some of the core principles include:
- Satisfy the customer through early and frequent delivery of software.
- Face-to-face communication is the most effective and efficient.
- Change can occur at any time in development.
- Simplicity is essential.
One of the main outcomes of the agile movement was the shorter development cycles. Smaller companies were the first to adopt agile methodologies because they could differentiate themselves by quickly meeting customers’ demands for additional functionality in a significantly shorter timeframe. Medium-size companies began seeing the benefit of adopting an agile practice, and eventually enterprise organizations followed suit.
The average release cycle for a software company with an agile practice is once every two weeks. Some companies, like Twitter and Facebook, release new software every two days. No doubt there are companies releasing software even more frequently.
Agile is all about being lean and maximizing the added value for customers. It includes all the core steps in waterfall, but in smaller chunks. Plus, unlike waterfall, the various phases of the SDLC can run in parallel in an agile practice, making it more responsive to market changes.
The SDLC process and agile methodologies
As mentioned earlier, agile is more of a mindset than a model. There are, however, a number of agile frameworks that take an iterative approach to development and focus on better communication, customer satisfaction, and speed to market. The top-five most popular are as follows:
- Scrum. The most popular agile framework focuses on small teams of less than ten developers. Work is broken down into small timed iterations called sprints, and daily stand-up meetings are essential in communicating progress.
- Kanban. Named after a Japanese Kanban board, this lean methodology focuses on visualizing workloads in which work is pulled as capacity permits, rather than work being pushed to developers.
- XP (Extreme Programming). Based on four basic activities — coding, continues testing, listening, and designing — XP reduces the cost of changes and increases productivity by having multiple short development cycles.
- Crystal. Described as “human-powered, adaptive, and ultra light,” this model contends that the way people communicate has the biggest impact on a project so it focuses on human interactions rather than processes and tools.
- Lean Development. This methodology is derived from Lean Manufacturing and has seven principles, including eliminate waste, build quality in, create knowledge, defer commitment, deliver fast, respect people, and optimize the whole.
Despite their differences, these methodologies have similar goals: reducing costs, improving communication and collaboration across engineering, increasing customer satisfaction, and being more responsive to market changes.
Waterfall-Agile hybrid software development
When put into practice, waterfall and agile each have their strengths and weaknesses. Though waterfall can’t keep pace with agile in terms of release cycles, it can be more predictable when it comes to budgets and timelines because the scope is often more clearly defined. And while agile methodologies are more responsive to changing market conditions and customers’ needs, long-term projects can be difficult to plan, and it is more taxing on developers.
To balance each approach’s limitations, many software organizations adopted a hybrid approach. The idea here is to leverage the best of both methodologies: the planning of waterfall with the communication and execution of agile.
Under a hybrid approach, teams implement the structured up-front planning process that waterfall does so well. Agile comes into play when waterfall’s planning is broken down into smaller development chunks so that new features can be deployed to customers more quickly. This approach provides both structure and speed.
Security in the SDLC
Because applications remain the top external attack method, we’d be remiss not to mention security in the context of the SDLC.
When it comes to security, waterfall’s traditional linear approach can be a liability. Code changes are difficult when security flaws like buffer overflow are found in late-stage testing. To remediate these vulnerabilities, developers end up working on code they haven’t seen in months, which isn’t efficient or effective.
Newer SDLC models are better for developing secure software in part because their iterative approach makes it easier for changes to occur at any time should vulnerability remediation be necessary. Working on smaller chunks of code also means fewer unintended consequences; bugs have less of an impact and are easier to fix. Furthermore, the continuous release cycles of agile models have shifted security left to prevent testing bottlenecks. Developers now handle much of the security work by reviewing and testing code far earlier in the SDLC.
Finding an SDLC model that works
Whether you adopt waterfall, agile, or a hybrid approach, software development is an enormous and highly personal undertaking. In each of these models, the basic tasks are similar — design, development, testing, deployment. It is how they are executed that varies.
Choosing the right methodology depends on your own specific project, requirements, and environment. If your software is mature and its requirements are well-defined, then waterfall might be the best choice for you. If speed to market and customer input is the greatest importance to your success, then you might consider an agile model.
In the end, there is no best one-size-fits-all when it comes to SDLC models. In order to select the best for your company, you must first assess your own unique needs then choose a model that works best.