Quiz Entry - updated: 2026.07.14
What are the five main software development activities and their key outputs?
Requirement → Design → Implementation → Verification → Maintenance — and security has a job in every one of them.
| Activity | Key outputs | Security work in this phase |
|---|---|---|
| Requirement | Requirement doc, use cases | Define security requirements (auth strength, data classification, compliance) |
| Design | Software architecture, stakeholder map | Threat modeling, pick trust boundaries, choose proven crypto |
| Implementation | The actual code, data storage/retrieval | Secure coding, input validation, code review, SAST |
| Verification | Install, test and debug | Security testing — DAST, fuzzing, penetration testing |
| Maintenance | Error fixes, optimization | Patch management, vulnerability monitoring, incident response |
These form a sequential flow (in waterfall) or repeating iterations (in agile).
Why security must ride along in every phase: A vulnerability is cheapest to remove in the phase that introduced it. A missing security requirement becomes a design gap, which becomes hundreds of insecure lines of code — fixing it in maintenance can cost 10–100x more than catching it up front. This "build security in at every step" idea is the foundation of the Secure SDLC and DevSecOps.