The software development lifecycle (SDLC) has gone through many evolutions. Successive models have moved software development groups from sequential development toward agile, iterative development. Growing awareness of, and research into, the cyber security landscape has produced a large push to "shift security left" in the SDLC: with security engineering teams engaged earlier and more often, security issues are found and fixed earlier, which increases efficiency while lowering cost and overhead. While this has been an important cultural and infrastructural shift for many technology companies, a gap in the feedback loop remains to be bridged: the gap between user experience designers and the software, security, and IT/operations engineers. Trade-offs are routinely made between security and usability, a tension commonly referred to as "usability versus security." Much of the research that proposes turning these two fields from opposing forces into cross-functional allies offers simplified solutions but does not go into granular detail about how to solve the problem. This paper covers the evolution of the SDLC from the Waterfall model through the DevSecOps agile methodology and proposes a new development model: the Technology Development Lifecycle (TDLC). The TDLC model aims to keep designers, software engineers, security engineers, and IT/operations within a tight feedback loop throughout a continuous integration/continuous delivery (CI/CD) pipeline. We discuss various workflows, use cases, and technologies that can later be used to implement a working environment that enforces the TDLC model.