Secure Software Stages

6.2. Secure Software Stages

To ensure security and privacy by design, software developers can follow principled stages for developing software, which are outlined below. Each of these stages should be completed in order; however, it is common to repeat stages or go back to earlier stages if problems are detected at any point.

Note

These stages apply to both developing new software and adding functionality to existing software.

  1. Requirements Definition

This involves identifying what the software must do for its users and how it must protect their interests. Privacy, legal compliance, and user capabilities form the core of these requirements.

  2. Determining Specifications

The requirements are refined into precise, measurable specifications. Developers decide how features will behave, what data is collected, and how user input is managed.

  3. Design

In this phase, developers create an architectural blueprint of how the application will be built. This is helpful when working in teams so that work can be broken down into smaller tasks and assigned to teams or individuals.

  4. Development

Developers work to transform the designs into code. Along the way, developers make sure that their code follows best practices to ensure security and privacy by design.

  5. Integration

Developers combine the newly developed code with an existing codebase or service.

  6. Testing and Debugging

Developers and quality assurance teams work to perform functional tests (to confirm the software works as specified) and security tests (to detect potential vulnerabilities). This usually combines automated and manual testing.

  7. Installation

Once the software is ready to be used, developers install it in a way that minimally disrupts users and doesn’t lead to any security breaches or data leaks.

  8. Maintenance

After launching the product, developers continually monitor and update dependencies, apply security patches, and respond to new threats.

6.2.1. Glossary

Requirements definition

The stage where developers identify what the software must do for users and how it must protect their interests.

Specification

A detailed, technically measurable statement that refines a requirement into concrete technical instructions.

Software design

The stage where developers define how software will be structured to fulfill its specifications.

Software development

The stage where developers transform designs into code while following security and privacy best practices.

Integration

The stage where newly developed code is combined with an existing codebase or service.

Testing

The stage where developers and quality assurance teams check that the software works as specified and detect potential vulnerabilities.

Installation

The stage where completed software is deployed for use without causing security breaches, data leaks, or major disruption.

Maintenance

The stage after launch where developers monitor software, update dependencies, apply security patches, and respond to new threats.