Page 1402 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
necessary to ensure continued operation in the face of changing
operational, data processing, storage, and environmental
requirements. It’s essential that you have a skilled support team in
place to handle any routine or unexpected maintenance. It’s also
important that any changes to the code be handled through a
formalized change management process, as described in Chapter 1,
“Security Governance Through Principles and Policies.”
Lifecycle Models
One of the major complaints you’ll hear from practitioners of the more
established engineering disciplines (such as civil, mechanical, and
electrical engineering) is that software engineering is not an
engineering discipline at all. In fact, they contend, it’s simply a
combination of chaotic processes that somehow manage to scrape out
workable solutions from time to time. Indeed, some of the “software
engineering” that takes place in today’s development environments is
nothing but bootstrap coding held together by “duct tape and chicken
wire.”
However, the adoption of more formalized lifecycle management
processes is seen in mainstream software engineering as the industry
matures. After all, it’s hardly fair to compare the processes of an age-old
discipline such as civil engineering to those of an industry that’s
only a few decades old. In the 1970s and 1980s, pioneers like Winston
Royce and Barry Boehm proposed several software development
lifecycle (SDLC) models to help guide the practice toward formalized
processes. In 1991, the Software Engineering Institute introduced the
Capability Maturity Model, which described the process that
organizations undertake as they move toward incorporating solid
engineering principles into their software development processes. In
the following sections, we’ll take a look at the work produced by these
studies. Having a management model in place should improve the
resultant products. However, if the SDLC methodology is inadequate,
the project may fail to meet business and user needs. Thus, it is
important to verify that the SDLC model is properly implemented and
is appropriate for your environment. Furthermore, one of the initial
steps of implementing an SDLC should include management approval.