Chapter 24: Software Development

Question 1

Five phases of SDLC

Answer 1

software development lifecycle: requirements gathering, design, development, testing, and operations and maintenance (O&M)

Question 2

CASE

Answer 2

computer-aided software engineering

Question 3

computer-aided software engineering

Answer 3

type of software which allows for the automated development of software (program editors, debuggers, code analyzers, version-control mechanisms; increase development speed and productivity and reduce errors

Question 4

attack surface

Answer 4

collection of possible entry points for an attacker

Question 5

threat modeling

Answer 5

systematic approach to understand how different threats could be realized and how successful compromise could take place

Question 6

prototyping methodology

Answer 6

creating a sample of the code for proof-of-concept purposes

Question 7

spiral methodology

Answer 7

iterative approach emphasizing risk analysis per iteration

Question 8

RAD

Answer 8

rapid application development

Question 9

DevSecOps

Answer 9

improve internal coordination and reduce friction by integrating the development, operations, and security teams when developing software

Question 10

IPT

Answer 10

`integrated product team

Question 11

integrated product team

Answer 11

multidisciplinary development team with representatives from many or all the stakeholder populations

Question 12

CMMI

Answer 12

Capability Maturity Model Integration

Question 13

Capability Maturity Model Integration

Answer 13

process improvement approach which provides organizations with the essential elements of effective processes, which will improve their performance

Question 14

six maturity levels of the CMMI model

Answer 14

0 - Incomplete, 1 - Initial, 2 - Managed, 3 - Defined, 4 - Quantitatively Managed, 5 - Optimizing

Question 15

OWASP SAMM

Answer 15

Software Assurance Maturity Model, focused on secure software development and allows orgs to decide their target maturity levels within each five critical business functions: Governance, Design, Implementation, Verification, and Operations

Question 16

JAD

Answer 16

Joint Application Development; team approach in app dev in a workshop-oriented environment

Question 17

RAD

Answer 17

Rapid Application Development; combines prototyping and iterative dev procedures with the goal of accelerating software dev process

Question 18

Reuse methodology

Answer 18

using progressively developed code; programs evolve gradually by modifying preexisting prototypes to customer specifications

Question 19

Cleanroom

Answer 19

prevents errors or mistakes by following structured and formal methods of developing and testing; used for high-quality and critical applications that will be put through strict certification process

Question 20

0 - Incomplete

Answer 20

dev process is ad hoc and chaotic; tasks not completed and so projects are cancelled or abandoned

Question 21

1 - Initial

Answer 21

effective management procedures and plans; no assurance of consistency, and quality is unpredictable; success is the result of individual heroics

Question 22

2 - Managed

Answer 22

formal management structure, change control, and quality assurance for individual projects; org can properly repeat processes throughout each project

Question 23

3 - Defined

Answer 23

Formal procedures in place; org is proactive rather than reactive

Question 24

4 - Quantitatively Managed

Answer 24

formal processes to collect and analyze quantitative data, metrics are defined and fed into process-improvement program

Question 25

5 - Optimizing

Answer 25

budgeted and integrated plans for continuous process improvement, which allow it to quickly respond to opportunities and changes

Question 26

Waterfall

Answer 26

rigid approach used if requirements are fully understood and different orgs will perform the work at each phase

Question 27

user stories

Answer 27

agile methodology (Scrum) for documenting requirements for a software system