Your company designs and develops firewalls, which will be evaluated against the highest level of assurance based on the Common Criteria. Which of the following is the best development approach?
C. Spiral model
D. Minimum viable product (MVP)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Cleanroom.
The highest level of assurance based on the Common Criteria implies EAL 7, which emphasizes formal design and rigid evaluation and takes a far longer time and more money to evaluate.
- As EAL 7 takes a far longer time to evaluate, it’s not feasible to employ Agile approaches to iteratively release part of the product that requires reevaluation for each release. Scrum and MVP are Agile practices.
- The spiral model can use formal methods and meets the requirement EAL 7. However, it’s a meta-model that can employ other software development processes or models. It doesn’t prescribe formal methods.
- However, the Cleanroom engineering process inherently uses formal specifications. It is more rigid and formal.
The following are characteristics of each approach:
- Cleanroom: formal specification/methods
- Spiral model: iterative risk-driven software process
- Scrum: Iterative and Incremental, and feature value-oriented, people-centric, and risk-aware.
- Minimum viable product (MVP): risk-aware by “Fail Early, Fail Fast” or “Fail Fast, Fail Often”
Cleanroom software development (Mills, Dyer et al., 1987; Cobb and Mills, 1990; Linger, 1994; Prowell, Trammell et al., 1999) is a software development philosophy that is based on avoiding software defects by using formal methods of development and a rigorous inspection process. The name ‘Cleanroom’ was derived by analogy with semiconductor fabrication units. In these units (cleanrooms) defects are avoided by manufacturing in an ultra-clean atmosphere. The objective of this approach to software development is zero-defect software. (Ian Sommerville, 2008)
Sommerville introduced five key strategies:
- Formal specification
- Incremental development
- Structured programming
- Static verification
- Statistical testing of the system
“A model of the Cleanroom process, adapted from the description given by Linger (Linger, 1994), is shown below. This shows how these essential strategies are integrated.” (Ian Sommerville, 2008)
Agile is a mindset composed of values, principles, and practices. Any means that fulfills the Agile mindset is commonly known as an Agile framework, approach, method, or practice; you name it. Some will use the term, Agile Methodology, which typically prescribes the processes and their input and output. I personally don’t use it in the Agile world because it’s not a good fit with the Manifesto for Agile Software Development, which upholds four values and 12 principles. The four values are listed and annotated as follows:
- Individuals and interactions (people-centric) over processes and tools
- Working software (value-oriented) over comprehensive documentation
- Customer collaboration (people-centric) over contract negotiation
- Responding to change (risk-aware) over following a plan
Agile Delivers Value
Agile approaches are Iterative and Incremental, and feature value-oriented, people-centric, and risk-aware. “Iterative” means a short-term project/development life cycle is performed repeatedly in a specific period, better know as iteration (XP) or sprint (Scrum). “Incremental” means each iteration must produce a releasable/deliverable outcome for customers to create value.
Compared with the waterfall model, which runs only one life cycle from the inception to the end, Agile breaks the big waterfall into smaller waterfalls (iterations), each of which shall create and deliver value.
For example, documents, mockups, prototypes are outcomes of an iteration, but they are work products or process artifacts (not end products), won’t be delivered to customers, and create no value. Agile won’t deliver work products or process artifacts to customers. Instead, Agile delivers value.
Minimum Viable Product (MVP)
“Fail Early, Fail Fast” or “Fail Fast, Fail Often” is promoted in Agile. A minimum viable product (MVP) is the practice.
A minimum viable product (MVP) is a concept from Lean Startup that stresses the impact of learning in new product development. Eric Ries, defined an MVP as that version of a new product which allows a team to collect the maximum amount of validated learning about customers with the least effort. This validated learning comes in the form of whether your customers will actually purchase your product.
A key premise behind the idea of MVP is that you produce an actual product (which may be no more than a landing page, or a service with an appearance of automation, but which is fully manual behind the scenes) that you can offer to customers and observe their actual behavior with the product or service. Seeing what people actually do with respect to a product is much more reliable than asking people what they would do.
Source: Agile Alliance
The Spiral Model is proposed by Barry Boehm in his 1986 paper, “A Spiral Model of Software Development and Enhancement.” It is an iterative (spiral) risk-driven software development process rather than one relying primarily on a document-driven or code-driven approach. It incorporates the strengths and improves the drawbacks of the following models:
- The code-and-fix model
- The stagewise and waterfall models
- The evolutionary development model
- The transform model
In each cycle/round, the Spiral Model starts with defining the objectives first, then evaluating alternatives to achieve them, assessing risk, and developing cost-effective risk response strategies, e.g., prototyping, simulation, benchmarking, reference checking, administering user questionnaires, analytic modeling, or combinations of these and other risk resolution techniques.
- Cleanroom software engineering (Wikipedia)
- Cleanroom software engineering (Ian Sommerville, 2008)
- CISSP PRACTICE QUESTIONS – 20200423
- Minimum Viable Product (MVP)
- A spiral model of software development and enhancement (Boehm, 1988)
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
B. 無塵室 (Cleanroom)
C. 螺旋模型 (Spiral model)
D. 最小可行產品 (MVP)