What are the characteristics, advantages, and problems of the Waterfall model?
A strict, one-way sequence of phases: easy to manage with clear milestones, but inflexible — changing an early decision later is expensive.
* The Waterfall model — each phase completes and feeds the next, flowing in one direction. — Peter Kemp / Paul Smith, CC BY 3.0, via Wikimedia Commons. *
Waterfall Model characteristics:
- Strict linear sequence of activities (no going back)
- Simple definition of milestones
- Relatively easy project management
- Little freedom for developers
Phases: Requirement analysis → Functional specification → Program design → Coding → Test → Operation and Maintenance
Main problem: Not very flexible — essential attributes are fixed early and can't be changed afterwards without considerable cost.
Security implication: This rigidity cuts both ways. On the plus side, it forces security requirements and threat modeling to be defined up front, which is exactly where they're cheapest to address. The downside: if a threat is discovered after the design is locked, retrofitting the fix is costly, and there's no built-in cadence to revisit security as the threat landscape changes during a multi-year project. Best suited for projects with well-understood, stable requirements.
Go deeper:
Waterfall model (Wikipedia) — the one-directional, complete-each-phase-first nature and its low flexibility.