Types of Software Development & Their Vulnerability to Cybercrime

Instructor: Brandon Bass

Brandon has a MS in systems engineering & a PhD in Cyber Security. He has taught at several universities and possesses 12 industry certifications.

The multifaceted world of software development and the increased usage of Agile development methods have led to a steady decline in security and secure processes. Also, the ubiquitous nature and use of mobile devices create a recipe for disaster.

Software Development

Today's developmental process was pioneered by Microsoft. Prior to the Agile development model, most software went through modular test phases. Models of engineering like Waterfall and Spiral were widely used. However, following the 1990s and the breakout of HTML and the Internet, Agile development and lightweight development became the new focal point for companies. The reason was simple. If you got your product to market, it could garner a following. That loyalty often caused consumers to stick around, even if the software was released with a few bugs.


Waterfall models were part of the initial process for the creation of software. The model was first introduced in the 1970s. It focuses on a stepwise progression that allows the software to move up and down steps for a more complete overall process. There are six phases to Waterfall:

Requirements - This phase highlights what the program should do. Clients and developers will discuss what is needed for the program and how it should function.

Analysis - The devised system is now analyzed against current systems to ensure that it will function appropriately and that unforeseen elements don't hinder development.

Design - This stage is all about technical requirements. What language will be used to code the program? What data and hardware will be covered?

Coding - The code is written.

Testing - QA or Beta-testers will run the program through rigorous tests to ensure the efficacy and function of the program.

Operations - Once this phase has been reached, it is time for deployment on the live network. The development lifecycle for Waterfall is complete and the maintenance phase can begin.

Once these phases are complete, the program is fully functional and typically hardened for security. However, during any of these phases, things like change requests can come into play and require moving back to a previous step to ensure that the change is appropriately added and tested. This can be time-consuming, and competitors may beat the company to release. This is the reason that this type of development fell out of favor or became hybridized into newer methods.

Agile Development

Agile models were incorporated with the extreme programming model, starting with Windows XP (Xtreme Programming). These methods are a more streamlined process. The theory is simple. As programming is a team effort, this maximizes communication, takes into account change requests mid-way through development, and looks at milestones instead of steps. Generally, the Agile method seeks to develop software continuously while satisfying the client's requirements. Developers and clients must consistently work as a team to produce the final result. Communication is needed to resolve questions about informational processes, requirements, and the change requests to be performed. Simplicity in the code and presentation is the goal of the Agile method.

The idea behind agility is that rather than needing to market a specific tool before release and hoping to find a buyer or shoehorn it into a business methodology, Agile development allows the team to create the software on time as it is needed. Its customization and production create a product that is as close to the client's vision as possible. The process is more people-centric and the focus is on self-motivating teams to create processes and collaborate to produce the final output.

Security Problems with Agile

The rush to release causes quite a few issues. There are often unforeseen consequences to such rapid development and lack of QA testing. Perhaps you have seen the number of patches that software companies like Microsoft, Adobe and Java put forth for their software. The reason for this is the need to patch vulnerabilities discovered after the release.

The simplest of these vulnerabilities are assumed trust relationships and open content providers. Content providers are used in mobile technologies to allow a user interface to deal with data in the program. Having these become public is problematic, as most people use them to store personal information. If that information could be viewed in plain text, then that person's secrets would be exposed.
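
One way to check for the open content providers described above, as an added example that is not part of the original lesson. It assumes the Android manifest format, where content providers are declared, and runs on a constructed sample manifest with hypothetical package, provider and permission names.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest (hypothetical package, provider and permission names).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="16"/>
  <application>
    <provider android:name=".OpenNotesProvider"
        android:authorities="com.example.notes.open"
        android:exported="true"/>
    <provider android:name=".LegacyProvider"
        android:authorities="com.example.notes.legacy"/>
    <provider android:name=".HalfGuardedProvider"
        android:authorities="com.example.notes.half"
        android:exported="true"
        android:readPermission="com.example.notes.READ"/>
    <provider android:name=".PrivateProvider"
        android:authorities="com.example.notes.private"
        android:exported="false"/>
  </application>
</manifest>"""


def audit_providers(manifest_xml):
    """Return (provider name, finding) for providers other apps can reach unguarded."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    target = int(sdk.get(ANDROID + "targetSdkVersion", "1")) if sdk is not None else 1
    app = root.find("application")
    app_perm = app.get(ANDROID + "permission")  # applies to every component
    findings = []
    for p in app.findall("provider"):
        exported = p.get(ANDROID + "exported")
        if exported is None:
            # Assumed legacy default: implicitly exported when targeting API 16 or lower.
            exported = "true" if target <= 16 else "false"
        if exported != "true":
            continue
        both = p.get(ANDROID + "permission") or app_perm
        read = p.get(ANDROID + "readPermission") or both
        write = p.get(ANDROID + "writePermission") or both
        gaps = [k for k, v in (("read", read), ("write", write)) if not v]
        if gaps:
            findings.append((p.get(ANDROID + "name"),
                             "exported, no %s permission" % "/".join(gaps)))
    return findings
```

Calling `audit_providers(SAMPLE_MANIFEST)` flags the explicitly open provider, the one that is exported only through the legacy default, and the one that guards reads but not writes.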
