
Software Development Life Cycle: Adopting a Security-First Approach


International Research Journal of Engineering and Technology (IRJET) | e-ISSN: 2395-0056 | Volume: 13 Issue: 04 | Apr 2026 | p-ISSN: 2395-0072 | www.irjet.net

Bulupiy Galati Joel
Computer Science Faculty, Dept. Network & Security, Université Protestante au Congo, Democratic Republic of the Congo

Abstract – The rapid evolution of software development has intensified cybersecurity challenges across web applications, embedded systems, distributed architectures, the Internet of Things (IoT) and artificial intelligence solutions. In traditional approaches, security is often treated as a final stage of the Software Development Life Cycle (SDLC), resulting in increased vulnerability risk, higher remediation costs, delayed deployments and potential regulatory penalties. This paper advocates a Security-First approach, which integrates security practices from the initial phases of the SDLC rather than applying them as a reactive measure. It examines the major SDLC methodologies, evaluating their characteristics, use cases, security integration potential and optimal application contexts. Drawing on influential standards such as the NIST Secure Software Development Framework (SSDF) and the Secure SDLC (SSDLC), the study highlights the benefits of proactive security integration. Results indicate that adopting a Security-First mindset significantly reduces risk while preserving system performance and availability.

Key Words: Software Development Life Cycle (SDLC), Security-First, DevSecOps, Secure SDLC, NIST SSDF, Threat Modeling, CIA Triad

1. INTRODUCTION

Over the past three decades, software development has advanced at an extraordinary pace. This rapid growth requires a methodical and proactive approach to securing the entire information system while ensuring proper functionality and availability. In light of the threats that emerge daily, it is essential to adopt a Security-First methodology. This approach incorporates security layers from the beginning of the software development process rather than treating security as a final or corrective measure applied after a technical failure or an attack. In practice, many traditional SDLC models do not integrate security in a detailed and systematic manner. To address this gap, the NIST Secure Software Development Framework (SSDF) is recommended as a robust method for embedding security practices across every phase of the SDLC [1]. To implement this strategy effectively, the Secure SDLC (SSDLC) is employed. Unlike classical methods that defer security and testing to the end of the cycle, SSDLC incorporates security principles, architectural decisions, tools and procedures from the outset [2]. Building secure foundations from the start is vital for preventing incidents, and this approach applies to diverse projects, including web applications, embedded software, distributed systems, network programming, the Internet of Things (IoT) and artificial intelligence systems.

2. SDLC Methodologies

Several SDLC methodologies exist. This section analyses each according to four criteria: characteristics, use cases, security integration and recommended application contexts. The comparison is summarized in the table below.

Table -1: Comparison of SDLC Methodologies with Security-First Integration

Methodology | Characteristics | Use Cases | Security Integration (Security-First/DevSecOps) | When to use
Waterfall | Linear and sequential; each phase must be completed before the next. | Projects with stable requirements and well-defined scope. | Security typically added late; difficult to retrofit changes. | Simple projects with minimal changes.
Iterative | Progressive development through repeated cycles. | Projects requiring user feedback and moderate requirement evolution. | Security integrated in each iteration (threat modelling and testing per cycle). | Medium-sized projects with gradual changes.
Agile | Combines incremental and iterative approaches with short sprints. | Dynamic projects, start-ups, mobile and web applications with changing | Highly effective with DevSecOps; security incorporated in every sprint. | Fast-paced environments needing rapid delivery.

© 2026, IRJET | Impact Factor value: 8.315 | ISO 9001:2008 Certified Journal | Page 204
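The "security incorporated in every sprint" and "threat modelling and testing per cycle" entries of Table 1 are easiest to see as a merge gate that runs on every change. The following Python script is an added example and not code from the paper: it parses SAST findings in SARIF 2.1.0 (the OASIS interchange format many static analysers emit), scores each finding, honours time-limited waivers and fails the pipeline when an unwaived high-severity finding remains. The SARIF document, rule ids, file paths and waiver list are constructed sample data; the "security-severity" rule property is the CVSS-style score convention used by CodeQL and is assumed here for the hypothetical tool.

```python
"""Pre-merge security gate for a DevSecOps pipeline (added example, not from
the paper). Reads SAST findings in SARIF 2.1.0 form, scores them, applies a
time-limited waiver list and decides whether the merge may proceed. All
sample data below is constructed; the 'security-severity' rule property is
the CVSS-style score convention used by CodeQL, assumed for the sample tool.
"""
import json
from dataclasses import dataclass
from datetime import date


def _sarif_result(rule, level, text, uri, line):
    """Build one SARIF result entry (helper for the constructed sample only)."""
    return {"ruleId": rule, "level": level, "message": {"text": text},
            "locations": [{"physicalLocation": {"artifactLocation": {"uri": uri},
                                                "region": {"startLine": line}}}]}


# Constructed SARIF output of a hypothetical SAST tool (not real tool output).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "example-sast", "rules": [
            {"id": "py/sql-injection", "properties": {"security-severity": "8.8"}},
            {"id": "py/hardcoded-credentials", "properties": {"security-severity": "9.8"}},
            {"id": "py/weak-hash", "properties": {"security-severity": "5.3"}},
            {"id": "py/unused-import"},  # no security score: fall back on level
        ]}},
        "results": [
            _sarif_result("py/sql-injection", "error", "SQL query built from request input", "app/db.py", 42),
            _sarif_result("py/hardcoded-credentials", "error", "Password literal in source", "tests/fixtures.py", 7),
            _sarif_result("py/weak-hash", "warning", "MD5 used for integrity check", "app/legacy.py", 88),
            _sarif_result("py/unused-import", "note", "Unused import", "app/util.py", 1),
        ],
    }],
})

# Constructed waivers: an accepted risk is tied to a rule, a path and an expiry
# date, so it has to be re-justified each cycle instead of silently persisting.
SAMPLE_WAIVERS = [
    {"rule": "py/hardcoded-credentials", "path": "tests/fixtures.py",
     "expires": "2026-12-31", "reason": "dummy credential in test fixture"},
    {"rule": "py/sql-injection", "path": "app/db.py",
     "expires": "2026-01-31", "reason": "refactor scheduled for sprint 12"},
]

# Score assigned when a rule carries no security-severity (policy choice).
LEVEL_FALLBACK = {"error": 7.5, "warning": 4.0, "note": 1.0}


@dataclass
class Finding:
    rule: str
    path: str
    line: int
    score: float
    message: str
    waived: bool = False


def parse_sarif(text: str) -> list:
    """Flatten SARIF runs/results into Finding objects with a numeric score."""
    doc = json.loads(text)
    findings = []
    for run in doc.get("runs", []):
        rules = {r["id"]: r for r in run["tool"]["driver"].get("rules", [])}
        for res in run.get("results", []):
            sev = rules.get(res["ruleId"], {}).get("properties", {}).get("security-severity")
            score = float(sev) if sev is not None else LEVEL_FALLBACK.get(res.get("level"), 4.0)
            loc = res["locations"][0]["physicalLocation"]
            findings.append(Finding(res["ruleId"], loc["artifactLocation"]["uri"],
                                    loc["region"]["startLine"], score, res["message"]["text"]))
    return findings


def apply_waivers(findings: list, waivers: list, today: date) -> list:
    """Mark findings covered by a waiver that has not expired on `today`."""
    for f in findings:
        f.waived = any(w["rule"] == f.rule and w["path"] == f.path
                       and date.fromisoformat(w["expires"]) >= today for w in waivers)
    return findings


def evaluate_gate(sarif_text: str, waivers: list, today_iso: str, block_at: float = 7.0) -> dict:
    """Fail the gate if any unwaived finding scores at or above `block_at`
    (7.0 is the CVSS 'high' boundary); lower findings are reported, not blocking."""
    findings = apply_waivers(parse_sarif(sarif_text), waivers, date.fromisoformat(today_iso))
    blocking = [f for f in findings if not f.waived and f.score >= block_at]
    return {"passed": not blocking, "blocking": blocking,
            "waived": [f for f in findings if f.waived], "total": len(findings)}


def format_report(result: dict) -> str:
    """Human-readable summary for the pipeline log."""
    lines = [f"{'PASS' if result['passed'] else 'FAIL'}: {result['total']} finding(s), "
             f"{len(result['blocking'])} blocking, {len(result['waived'])} waived"]
    lines += [f"  BLOCK  {f.rule} {f.path}:{f.line} score={f.score} {f.message}" for f in result["blocking"]]
    lines += [f"  WAIVED {f.rule} {f.path}:{f.line}" for f in result["waived"]]
    return "\n".join(lines)


if __name__ == "__main__":
    gate = evaluate_gate(SAMPLE_SARIF, SAMPLE_WAIVERS, "2026-04-01")
    print(format_report(gate))
    raise SystemExit(0 if gate["passed"] else 1)
```

The expiry date on each waiver is what keeps the gate honest: a risk accepted in one sprint resurfaces automatically when the waiver lapses, which is the per-cycle re-evaluation that the Iterative and Agile rows of Table 1 call for. Evaluated on 2026-04-01 the sample fails on the SQL injection finding because its waiver expired in January; evaluated on 2026-01-15 the same findings pass, since that waiver was still valid.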
