CISSP考试指南笔记：8.3 软件开发模型

Waterfall Methodology

The Waterfall methodology uses a linear-sequential life-cycle approach,Each phase must be completed in its entirety before the next phase can begin. At the end of each phase, a review takes place to make sure the project is on the correct path and should continue.

This is a very rigid approach that could be useful for smaller projects that have all of the requirements fully understood, but it is a dangerous methodology for complex projects.

V-Shaped Methodology

This methodology emphasizes the verification and validation of the product at each phase and provides a formal method of developing testing plans as each coding phase is executed.

This methodology is best used when all requirements can be understood up front and potential scope changes are small.

Prototyping

A prototype is a sample of software code or a model that can be developed to explore a specific approach to a problem before investing expensive time and resources.

Rapid prototyping is an approach that allows the development team to quickly create a prototype (sample) to test the validity of the current understanding of the project requirements.

When evolutionary prototypes are developed, they are built with the goal of incremental improvement.

The operational prototypes are an extension of the evolutionary prototype method. The operational prototype is updated as customer feedback is gathered, and the changes to the software happen within the working site.

Incremental Methodology

If a development team follows the Incremental methodology, this allows them to carry out multiple development cycles on a piece of software throughout its development stages.

This methodology is best used when issues pertaining to risk, program complexity, funding, and functionality requirements need to be understood early in the product development cycle.

Spiral Methodology

The Spiral methodology uses an iterative approach to software development and places emphasis on risk analysis. The methodology is made up of four main phases: determine objectives, risk analysis, development and test, and plan the next iteration.

The iterative approach provided by the Spiral methodology allows new requirements to be addressed as they are uncovered.

In the Spiral methodology the last phase allows the customer to evaluate the product in its current state and provide feedback, which is an input value for the next spiral of activity.

Rapid Application Development

The Rapid Application Development (RAD) methodology relies more on the use of rapid prototyping than on extensive upfront planning. In this methodology, the planning of how to improve the software is interleaved with the processes of developing the software, which allows for software to be developed quickly. The delivery of a workable piece of software can take place in less than half the time compared to the Waterfall methodology.

The main reason that RAD was developed was that by the time software was completely developed following other methodologies, the requirements changed and the developers had to “go back to the drawing board.”

Agile Methodologies

The Agile methodology is an umbrella term for several development methodologies. It focuses on incremental and iterative development methods that promote cross-functional teamwork and continuous feedback mechanisms.

A user story is a sentence that describes what a user wants to do and why.

Another important characteristic of the Agile methodologies is that the development team can take pieces and parts of all of the available SDLC methodologies and combine them in a manner that best meets the specific project needs.

Scrum

Scrum is a methodology that acknowledges the fact that customer needs cannot be completely understood and will change over time. It focuses on team collaboration, customer involvement, and continuous delivery.

The change points happen at the conclusion of each sprint, a fixed-duration development interval that is usually (but not always) two weeks in length and promises delivery of a very specific set of features.

Extreme Programming

Extreme Programming (XP) is a development methodology that takes code reviews to the extreme by having them

take place continuously. These continuous reviews are accomplished using an approach called pair programming, in which one programmer dictates the code to her partner, who then types it.

Another characteristic of XP is its reliance on test-driven development, in which the unit tests are written before the code.

Kanban

The Kanban development methodology is one that stresses visual tracking of all tasks so that the team knows what to prioritize at what point in time in order to deliver the right features right on time.

The Kanban wall is usually divided vertically by production phase. Typical columns are labeled Planned, In Progress, and Done.

Other Methodologies

The following is a quick summary of a few others that can also be used:

• Exploratory methodology A methodology that is used in instances where clearly defined project objectives have not been presented.
• Joint Application Development (JAD) A methodology that uses a team approach in application development in a workshop-oriented environment.
• Reuse methodology A methodology that approaches software development by using progressively developed code.
• Cleanroom An approach that attempts to prevent errors or mistakes by following structured and formal methods of developing and testing.

Integrated Product Team

An integrated product team (IPT) is a multidisciplinary development team with representatives from many or all the stakeholder populations. A comprehensive IPT includes business executives and end users and everyone in between.

The Joint Application Development (JAD) methodology, in which users join developers during extensive workshops, works well with the IPT approach.

IPTs are often associated with Agile methodologies.

DevOps

DevOps is the practice of incorporating development, IT, and quality assurance (QA) staff into software development

projects to align their incentives and enable frequent, efficient, and reliable releases of software products.

DevOps has a huge positive impact on security, because in addition to QA, the IT teammates will be involved at every step of the process. Multifunctional integration allows the team to identify potential defects, vulnerabilities, and friction points early enough to resolve them proactively.