Software Development Models and Security

Verified

Added on  2020/05/28

|13
|4172
|296
AI Summary
This assignment delves into various software development models, focusing on the Spiral model and Secure Life Cycle models. Students are tasked with comparing these models, highlighting their distinct characteristics, advantages, and limitations. The assignment further explores the integration of secure life cycle models within agile software development, examining the potential benefits and challenges.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.
Document Page
Cover page

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
14-15 paper
Question 1
a. The best recommended process model to be used by the software development department is
agile approach. Agile process model is an iterative model to software development and delivery
where by the software is developed and delivered incrementally instead of delivering the
software all at once. Agile approach is designed to respond to customer needs and changing
market while responding to the changes quickly. This is done by encouraging teamwork and
accountability among the development team members. The team members are tasked with
delivering the project in iterations. Each iteration is reviewed by the customer who gives his
review to the development team. The team is then supposed to consider the feedback given by
the customer in the next iteration. Agile subscribes to the following set of roles;
Project owner- This is a representative of the customer and clarifies all the
requirements.
Project manager- Supports the project team
Project team- This is group of members that executes the project.
Stakeholders- Anyone with an interest in the project usually classified as either; internal
executive stakeholders, external executive stakeholders, internal operation stakeholders
and external operation stakeholders.
The following are the characteristics of agile approach;
Scrum- Scrum is a simple and flexible way of introducing agility to the development of
the project, Scrum emphasizes on feedback in an empirical manner, self-management of
the project team and building of fully tested increments of the product within short
iterations.
Quality- Testing is done throughout the lifecycle of the project thus the end product is
assured of quality.
Visibility- Agile approach encourages active involvement between the project team and
client throughout the development process. This involvement ensures the client is able
to assess the product and the progress thus in the end ensuring all the client’s
expectations are met.
Early identification and resolution of issues- This is possible because the product is
delivered in iterations thus any issues are identified in the early stages of the project
and are acted on immediately. This makes agile approach easy to respond to any
changes in the requirements because of the clear visibility by the client.
More productive project team- By use of scrum for developing the product, agile
ensures on maximum productivity and satisfaction of the project team by ensuring each
team member plays a role in the development of the product. This leads to a happy
project team which is more productive.
Predictable costs and schedule- Agile approach uses sprints where each sprint is a fixed
duration of usually 1-4 weeks where new features are added to the product. This makes
it easy to predict the cost and the schedule thus improving overall decision making in
the project.
Document Page
Agile approach is breaks up the project into smaller chunks called sprints. A sprint is a period
through which specific work is supposed to be completed and reviewed. Each sprint is done in
five phases;
Project initiation- This phase involves defining the requirements
Sprint planning- This phase involves planning on the sprint will be executed
Daily Scrum- Stand up meetings done twice a day to review the work done on the
previous day and to introduce work to be done for the next 24 hours.
Sprint retrospective- This phase involves holding a meeting at the end of each sprint
where everybody reflects on the just completed sprint.
Demo- This phase involves releasing a demo completed at the end of that sprint.
b. The following are the reasons for selecting agile approach for the development of the project.
Agile model improves on quality- The quality of the end product is achieved because the
project is broken down into smaller manageable units thus enabling the project team to
focus on developing high quality increments, testing and collaborate on every sprint.
Each sprint gives the client an opportunity to review the product and this feedback is
used in the next sprint thus at the end the product is of good quality. For the motor car
manufacturing company quality of the product has to be guaranteed so that the
company can gain competitive advantages over other companies in the market.
Agile model focuses on the end users- To define the features of the product agile relies
on user stories with business focused acceptance criteria. This is done by focusing on
the needs of the real users to make sure each feature delivers value. Thus it is assumed
during the development process, the product will be released in increments where by
real users can review the product to make sure any changes are done before the end
product is released.
Early and predictable delivery- Agile model uses time-boxed, fixed schedule sprints
where new features are delivered quickly frequently thus a beta version of the software
can be released even earlier than planned. This is important because the company
needs to release the product fast in order to gain competitive advantage over other
companies in the market.
Document Page
c. A similar approach that could be used to develop the project is the spiral model approach. This
approach has four phases; planning, risk analysis, engineering and evaluation. To develop a
product the project has to go through these phases iteratively in a sort of spiral where each
spiral has the four phases;
Planning- This phase involves gathering of requirements to come up with the
requirements document.
Risk analysis- In this phase, all possible risks are identified and prototype is produced at
the end of this phase. Alternative solutions are proposed and implemented for all the
risks identified at this phase.
Engineering phase- This is where the development of the software takes place. Testing is
done at the end of this phase.
Evaluation phase- In this phase, the client evaluates the product developed for that
spiral before the project team can proceed to the next spiral.
The reasons spiral model cannot be used for the motor car company project are;
The spiral model is very costly because of the intermediate phases. This in turn affects
the initial budget predicted for the project as there is a high possibility of not meeting
the budget requirements
The spiral model has a high risk of not meeting the schedule as projects usually take a
lot of time. This disqualifies this approach as the ideal approach to use because the
motor car company needs the product to be developed fast so that they can gain
competitive advantages over other companies in the market.
It requires a lot of documentation in all the intermediate stages thus makes the project
a very complex project.
The spiral model is a very complicated approach for projects with clear requirements.
The motor company has clear requirements as another version has already been used in
the market thus the project team can get all the requirements by studying the existing
product. Spiral model is mostly preferred for projects with very unclear requirements
thus it’s not ideal for this project.
Question 2

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
a. What does CMMI level 4 indicate in terms of the organization’s capability maturity.
CMMI level 4 means that the company is quantitatively managed. This means that the
organization has achieved all the specific goals of the process areas that are assigned to maturity
level 2, level 3 and level 4. The organization has also achieved all the generic goals that are
assigned to maturity level 2 and level 3.
At maturity level 4 performance is contributed to by sub processes that are significantly
selected. These sub processes are controlled using quantitative techniques and statistical
techniques.
The criterion used in managing processes is establishment of quantitative objectives for process
and quality performance. Quantitative objectives are based on the needs of the end users,
customers, process implementers and the organization. Process performance and quality are
understood in statistical terms thus they can be managed throughout the life of the processes.
For these processes there is collection and analysis of detailed measures of process
performance
To support future fact-based decision making, process performance and quality measures are
incorporated into the organization’s repository of measurements.
Predictability of process performance can be used to distinguish between maturity level 3 and
level 4 where by at maturity level 4 statistical and other quantitative techniques are used to
control the performance or processes which are quantitatively predictable while at maturity
level 3 the processes are only qualitatively predictable.
b. What an organization needs in order to improve to level 5.
For the organization to improve and mover from level 4to level 5; the following is needed;
The organization has to adapt to new ways of improving process performance. Process
performance should be continually improved through both innovative and incremental
technological improvements.
The organization should establish quantitative process improvement objectives. It
should continually revise the process to reflect the changing objective of the business as
well as use the process as a criteria in managing process improvement.
The organization should measure the effects of deployed process improvements against
the quantitative process improvement objectives. It should also target its set of
standard processes and defined process as measurable improvement activities.
The organization should find ways to accelerate and share learning so as to increase its
ability to respond to changes and opportunities rapidly.
c. Quality management tool and how it is different from CMMI
Six sigma is another quality management tool that can be used to add value to the organization.
Six sigma is an overall enterprise improvement methodology which uses data to control,
monitor and improve operational performance through elimination and prevention of defects in
products and their associated processes.
Six sigma is different from CMMI because it emphasizes on production of better, faster and
lower cost products and services than the competition for improved bottom line results. Six
sigma advocates two methodologies; the first methodology aims at improving the existing
business while the second methodology aims at creation of new processes or products. CMMI is
different because it focuses on achievement of effective processes that are used to improve
performance.
Document Page
15-16 paper
Question 1
a. One planned driven process model is the waterfall model. The model is divided into phases
which do not overlap as the project progresses. The phases are;
Requirements specification- In this phase the goals and the expectations of the
projects are defined. Possible risks are identified and contingency plans to mitigate
the risks are defined.
Design- After identifying the specifications of the software the design of the product
is done at this phase.
Construction or implementation- After the design coding is done to achieve product
functionality.
Testing and debugging- Testing of the product is done at this phase. All kinds of tests
are done to make sure the product meets the need of the client.
Deployment- After testing is done the product is ready to deploy for use by the end
user.
Maintenance- This phase involves maintaining the software for any bug or errors
that might come up as the product is used by the end user.
The waterfall model can be argued to be systematic, disciplined and quantified approach
because the project is done in phases where each phase has to be finished before the
project team progresses to the next phase. This allows the project team to plan by coming
up with a project schedule and budget which is followed throughout the project life cycle.
The plan captures milestones which can be used to assess the progress of the project.
b. Using two case studies discuss how the software failed and the consequences of the failure.
Project 1- Therac-25 (1985-1987)
The first project that failed is Canada’s Therac-25 radiation therapy machine where
by six people were overexposed during radiation treatments for cancer using the
machine. Three of the patients that died were believed to have died from overdoses
as a result of using the machine.
The root cause of the failure of the project lack of quality assurance. This lead to an
inadequately tested, complex under-documented system which failed when it was
deployed as a result causing death to 6 patients. Another issue that led to the failure
is failure to take adequate corrective action.
Project 2- Denver baggage handling system
The Denver rapport baggage handling system failed because of system complexity.
The system was very complex as it involved 300 computers. The overrun of the
system prevented the airport from opening on time. TO fix the many bugs the
system required an additional 50% of the initial budget which totaled to around
$200m. This failure was caused by building an over-complex system which was not
properly documented.
c. "The software development activity generally referred to as prototyping consists in the
construction of one or more working models"
Document Page
Discuss this statement, with respect to the different types of working model which may be
constructed and their best use.
A prototype is an early model of a product that is built to test a process or a concept or to
act as a replica of the real product so as to provide a learning point for the product.
Prototypes are used for;
Learning- Prototypes are used to answer questions about the performance or
feasibility of the product. They act as a proof of concept model.
Communication- Prototypes are used to demonstrate the real product to get
feedback from stakeholders.
Integration- Combination of sub-systems into a system model
Milestones- can be used as a goal for the development team.
There are many types of prototypes. For example a vertical prototype which covers a small
section of the system. For instance a prototype for a registration page to be used by users to
register to a web application. The page is designed as it will appear in the final system to gather
feedback from some users.
Question 2
a. ISO 9000 is the internationally recognized standard for an organization’s internal Quality
Management. The term “quality” refers to all those features of a product or service which
are required by the customer. What are the potential advantages to be gained from such
Standards for a software supplier?
The potential advantages are;
Increased marketability- A software supplier who is ISO 9000 certified attracts more
customers as it is able to proof it is dedicated quality to its customers.
Reduced operational expenses- The rigorous registration process helps the company
to realize shortcoming in some of its operational areas thus the company takes the
necessary steps to improve the identified processes thus the company is able to
save money and time as a result of improving its processes.
Better management control- The ISO 9000 process of registration requires a lot of
documentation and self-assessment thus the company ends us understanding its
overall processes and direction.
Increased customer satisfaction
Improved internal communication
Improved customer service
Reduction of product liability risks
Attractiveness to investors
b. The process maturity approach focuses on improvement to process and process models
using “good” Software Engineering practices with the intention of improving product and
process quality. Using a diagram describe the components of the “process improvement
cycle” and state its purpose

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
Document Page
The process improvement cycle is a means of assessing, analyzing with the intention of
making changes or improvements to a process activity.
c. “When quality is lacking this results in a defective product”.
State three claimed measures we can take to try to ensure a quality product and describe
three specific characteristics found in software that makes this difficult.
Three measures that can be used to improve software quality are;
Prototyping
Client involvement
Selecting the best suited process model
The characteristics that make it difficult are;
Error prone development process
High staff turnover
Intangible requirements
d. The Capability Maturity Model (CMM) allows us to assess the process capability of an
organization at one of 5 levels. Explain the core idea behind the repeatable level and its
basic features. List the key process areas of the repeatable level of the CMM model
Document Page
The core idea behind the repeatable level is that some processes are repeatable but they
may not be reusable for all projects in the organization. The processes may only be usable
for some of the projects.
The basic features include;
Project management to monitor costs and slippage against schedule.
Project understanding
Project visibility; use of milestones to monitor the status of the project and delivery
of the product.
The key process areas are;
Requirements management
Configuration management
Quality assurance
Project planning
Subcontract management
Project planning
Project tracking
16-17 paper
Question 1
a. Explain what is meant by the phrase Software Process Model. Include in your answer how the
choice model may affect the management of the project. Under what circumstances would you
recommend the use of the evolutionary development process model? Include a description for
the evolutionary development process model and comment on the manageability of projects
employing such a model.
Software process models determine what activities are carried out during the development, the
order in which they are carried out, the milestones and deliverables associated with each stage
of the process.
The choice made may affect he management of the project as different process models have
different frameworks through which a project is developed.
Evolutionary development process is an iterative and incremental approach to software
development.
Circumstances for use of evolutionary development process are;
Projects with volatile requirements
Projects that need high client involvement in the development process.
Projects needed to be developed within a short period of time.
Manageability of projects employing such a model is easy since the development team and the
client are in constant communication after delivery of every increment. This enables the client
to review the increment and to give feedback. This feedback is used by the development while
developing the next increment. Because the project is split into increments, the project is more
Document Page
manageable as it easy to predict some aspects of the project like the schedule and cost based on
each increment delivered.
b. Various models have been developed in response to the need for flexibility and adaptability.
One such model is the Rapid Application Model (RAD). Describe what is meant by RAD and its
relationship, if any, to existing methodologies. Include a diagram in support of your answer.
RAD is a concept that was derived out of the frustration of the waterfall model which at most
times resulted in products that inefficient and out of date by the time they were released
(Morse, 2016). RAD ensures the software is delivered faster while still maintaining high quality
through;
Gathering requirement using focus groups and workshops
Prototyping
Re-use of software components
A rigidly placed schedule
Less formality in review and other team communication (Rouse, 2016)
RAD is similar to the prototyping model which is development method in which a prototype is
built, tested and then reworked as necessary until an acceptable prototype is achieved at the
end from which the complete product can be developed.
c. Outline the steps in Royce’s Waterfall model. To what extent do you feel that Royce’s model is a
flexible and adaptable model? Justify all claims made
The steps in Royce’s waterfall model are;
System requirements
Software requirements
Analysis
Program design
Coding

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.
Document Page
Testing and
Operation
Royce’s waterfall model is an adaptable and flexible model as it embraces an iterative model
with feedback from each phase influencing previous phases
Question 2
a. How appropriate do you feel this view is for software developers today? Justify all claims
made, both for and against this view.
Software developers today should consider security in early development of a product
because of the following reasons;
Avoiding cost that would be incurred from the losses brought about by the security
breach.
Protection of company information- The system should be developed while making
sure it’s secure to avoid losing of private company information.
To safe guard the reputation of the company- if the software developing company
delivers in insecure product then its reputation could be damaged.
b. Compare and contrast two software development life cycle models of your own choosing
that you feel would be suitable as a secure lifecycle model, or that you feel could be
modified for use as a secure lifecycle model. Include in your discussion, a description for
each of the steps in the life cycle models discussed. Describe three tools that one could use
to model threats to such developments.
Security development lifecycle (SDL) is a software development process that helps a
development team to build more secure software and address security compliance
requirements while reducing the development cost. The process is divided into seven
phases; training, requirements, design, implementation, verification, release and response.
Spiral model is the other model. It combines the idea of iterative development with
systematic controlled aspects of the waterfall model. It is made up of four phases. To
develop a product the project has to go through these phases iteratively in a sort of spiral
where each spiral has the four phases;
Planning- This phase involves gathering of requirements to come up with the
requirements document.
Risk analysis- In this phase, all possible risks are identified and prototype is produced at
the end of this phase. Alternative solutions are proposed and implemented for all the risks
identified at this phase.
Engineering phase- This is where the development of the software takes place. Testing is
done at the end of this phase.
Evaluation phase- In this phase, the client evaluates the product developed for that
spiral before the project team can proceed to the next spiral.
The two model are similar because they emphasize on risk analysis although spiral model
does risk analysis in spirals until the project is complete.
Document Page
c. To what extent do you feel that secure life cycle models, could be developed for Agile
software development? Justify your claims.
Secure life cycle models could be developed for agile software development because of the
benefits they bring to the end product. Some of these benefits are;
More secure software- use of secure life cycle models helps the development team
to build software that is more secure by reducing the number and severity of
vulnerabilities in the code.
Help address compliance requirements
Reduce costs- helps reduce total development cost
Question 3
a. You have been asked to measure the size of a software system. Explain how one could measure
the size of the system (other than by using function points). What inconsistencies, if any, could
emerge with this measure?
One way of measuring the size of the software system is use case based software sizing which
measures the size by counting the number of characteristics of use cases found in the piece of
software. Some of the inconstancies that could occur with this method is that some of the use
cases might not be captured for some of the functionalities of the system thus the total sie
estimated might not be accurate.
b. Table
Function type elements Number of elements Names of elements
User input 6 The six attachment filenames
Reports to the user 1 Message box including info on the
attachments
Prompts and responses 2 Alerts on larger size and extension not
allowed
Interfaces to external
system/files
6 The six attachment files
Internal logical files 1 List of disallowed extensions
Document Page
References
Morse, A. P. (2016, November 23). Rapid Application Development (RAD): What Is It And How Do You
Use It? Retrieved January 9, 2018, from https://airbrake.io/blog/sdlc/rapid-application-
development
Rouse, M. (2016, July). Definition rapid application development (RAD) . Retrieved January 9, 2018, from
http://searchsoftwarequality.techtarget.com/definition/rapid-application-development
1 out of 13
circle_padding
hide_on_mobile
zoom_out_icon
[object Object]

Your All-in-One AI-Powered Toolkit for Academic Success.

Available 24*7 on WhatsApp / Email

[object Object]