Secure Software Stages

6.2. Secure Software Stages

To ensure security and privacy by design, software developers can follow principled stages for developing software, which are outlined below. Each of these stages should be completed in order; however, it is common to repeat stages or go back to earlier stages if problems are detected at any point.

Note

These stages apply to both developing new software and adding functionality to existing software.

  1. Requirements Definition

This involves identifying what the software must do for its users and how it must protect their interests. Privacy, legal compliance, and user capabilities form the core of these requirements.

  2. Determining Specifications

The requirements are refined into precise, measurable specifications. Developers decide how features will behave, what data is collected, and how user input is managed.

  3. Design

In this phase, developers create an architectural blueprint of how the application will be built. This is helpful when working in teams so that work can be broken down into smaller tasks and assigned to teams or individuals.

  4. Development

Developers work to transform the designs into code. Along the way, developers make sure that their code follows best practices to ensure security and privacy by design.

  5. Integration

Developers combine the newly developed code with an existing codebase or service.

  6. Testing and Debugging

Developers and quality assurance teams work to perform functional tests (to confirm the software works as specified) and security tests (to detect potential vulnerabilities). This usually combines automated and manual testing.

  7. Installation

Once the software is ready to be used, developers install it in a way that minimally disrupts users and doesn’t lead to any security breaches or data leaks.

  8. Maintenance

After launching the product, developers continually monitor and update dependencies, apply security patches, and respond to new threats.