Practical Internet of Things Security

Waterfall

Waterfall development has been used for decades to develop large, complex systems. Waterfall development programs can take years to complete, with a significant initial time and cost commitment in which requirements are analyzed and derived, and software is designed based on those requirements.

Waterfall development is the classic top-down, milestone-driven development process. It generally consists of requirements, design, implementation, verification, and maintenance phases, as shown:

Development teams progress through these phases, and each phase must be completed prior to moving to the next. It is not uncommon for a development team to spend years in a single phase, with no production code being fielded until a significant amount of time has passed.

Waterfall projects pass through a series of gates, or reviews. These ensure that stakeholders and executives are satisfied with the state of the program before it passes to the next phase. Reviews often include:

  • System Requirements Review (SRR)
  • Preliminary Design Review (PDR)
  • Critical Design Review (CDR)

In government-based programs, these requirements and design reviews include a significant focus on the security requirements and design of the system. Often, security requirements are tailored to the specific system, and presented/reviewed during the SRR to ensure customer concurrence. Design reviews should include a detailed examination of the security design, which is based heavily on the security requirements previously agreed upon during the requirements review.