8 Software Development Methodologies You Can’t Do Without
Home » 8 Software Development Methodologies You Can’t Do Without
(5 votes, average: 5.00 out of 5)
75% of developers spend hours fixing production issues. Wondering which software development methodologies can help you identify flaws earlier, save time and money, and achieve excellence? Here’s what to know…
This year, 83% of chief information officers were urged to accomplish more with less money. However, developing secure, high-quality software, fast, and without going over budget isn’t a walk in the park for development teams.
As a result, codes may be released with unaddressed vulnerabilities, misconfigurations, or errors. Many of these same issues related to human-related errors are the basis of 74% of data breaches analyzed by Verizon’s 2023 Data Breach Investigation Report.
The good news is that many of these issues are preventable. Vulnerabilities and misconfigurations can be identified and addressed before deployment. How? With the support of a clear, structured software development process.
In this article, we have selected a pool of eight of the most popular and recognized software development methodologies. Want to make every software development project a success?
Learn each listed methodology’s key features,
Discover the pros and cons of implementing them, and
Figure out the right methodology and project combinations to meet your organization’s needs.
Do you know what’s my favorite moment in software development? The beginning of a new project. It’s a bit like Christmas. Everybody’s excited and they plunge headlong into the process. It’s a magical time; the start of a new adventure. Fast forward a few months and, suddenly, everything changes — sometimes, for the worse.
No one knows anymore who is doing what, team members are running around like headless chickens working on different bits and pieces, just following their guts. The outcome? A catastrophe. Deadlines aren’t met, requirements aren’t fulfilled, and everybody’s mood has suddenly darkened.
Welcome to the world of unstructured projects. It’s a place where chaos reigns supreme over unmotivated, stressed-out employees, and costs soar. The kind of place where projects have no future and your customers’ trust comes to die.
Want to transform this hell into paradise? Let’s go through the eight best software development methodologies options we have to bring structure to the situation. Choose wisely, though! Some software development methodologies may do more harm than good depending on your project and circumstance. C’mon, time to bring in some light in this dark realm!
Agile
Scrum
Lean
Feature Driven Development (FDD)
Waterfall
SecDevOps
Spiral
RAD
Project Size
Any.
Small and medium.
Any.
Large and medium.
Any.
Large and medium.
Large and medium.
Medium and small.
Development Speed
1 to 4 weeks.
2 to 4 weeks.
1 to 2 weeks.
2 weeks.
Depends on the size of the project.
Depends on the project’s size.
Undefined.
Very short, often 1 week.
Process Type
Iterative.
Iterative.
Iterative.
Iterative.
Sequential.
Security always comes first.
Iterative.
Iterative.
Is It Flexible?
Yes.
Yes.
Yes.
Yes.
No.
Yes.
Yes.
Yes.
Pros
Enables faster software release; increases customer satisfaction, team performance, and project adaptability to changes.
Boosts problem resolution and team communication; simplifies change adoption
Provides greater value; increases team motivation and project flexibility
Reduces the number of meetings; increases scalability and delivery velocity.
Improves project clarity and reduces the risk of going over budget.
Reduces risks; elevates project flexibility and customer satisfaction.
Increases customer involvement; offers greater adaptability and reduces development time.
Cons
Requires an experienced project manager and greater effort.
Necessitates a change of mindset and requires skilled developers.
Imposes tight deadlines and requires greater effort to keep the project on track.
Entails a complex process that demands a strong lead and big enough projects.
Imposes a rigid process, making it difficult to fix issues that impact customer satisfaction.
Calls for additional training and skills due to its overall complexity.
Requires highly qualified team members with risk assessment and rigorous time management expertise.
Depends on active customer feedback, seasoned developers, and automation. This makes it unsuitable for critical products.
Applications
Fast-growing technology products; urgent, unstructured, complex, or low-code projects.
Small and fast-paced projects, or those with vague requirements and frequent changes. Requires skilled teams.
Small projects with a tight budget and a newly created team, or startups with motivated staff.
Suits large, long-term projects and organizations with remote teams.
Benefits small/medium size projects with clear requirements and inexperienced teams.
Highly secure applications projects, and organizations aiming to reduce time to market to boost revenues.
Large, expensive, and complicated projects that require high flexibility.
Small and medium software applications with tight deadlines and/or budgets.
1. Agile
Every IT professional has heard about Agile at some point in their career. Based on GoodFirms’ latest survey, it’s one of the most popular software development methodologies adopted by 61.50% of organizations. Why? According to the 16th Annual State of Agile report, 52% of businesses use it to accelerate time to market; 31% say they do so to lower risks associated with adding new features (e.g., bugs, deficiencies, higher costs). Some of its principles have been embraced by other methodologies, such as Scrum and Feature Driven Development (more on these later in the article).
Agile is an iterative module that focuses on producing working software quickly, accommodating changes, and making users happy. It’s not about creating tons of documentation and following strict, inflexible procedures. How does it work? The development process is broken into small “challenges” (i.e., 1-4-week sprints) to complete. The developers identify a priority or an issue and work on it to fix it. The outcome? A working software application (i.e., minimum viable product) that’ll be improved at each iteration.
Agile Methodology’s Pros
Fix issues and release software fast. Did a customer who downloaded one of your apps complain because they got a security warning? Oops! Maybe you didn’t sign the code before publishing it because your code signing certificate expired and you forgot to renew it. With Agile, you can create a new sprint and get it fixed in no time.
Respond to project changes easily. Your customer changed their mind about a feature and you need to adapt the app to new requirements? Thanks to short iterations, you can quickly fulfill their request without delaying the release date.
Increase customer satisfaction and team performance. Customers receive a working product in a short time, while developers can focus on what they do best instead of dealing with bureaucracy.
Prove Your Software Is Trustworthy
Signing your code shows users that your software and updates can be trusted.
Download our free code signing best practices eBook to learn how to help keep your supply chain secure and your company, customers & end-users safe.
Sign up below to get access to your FREE Code Signing Best Practices Guide
Agile Methodology’s Cons
Could create problems due to lack of documentation. A new colleague joined the team in the middle of a project? This is one of the software development methodologies where you can’t count on documentation support.
Requires an experienced project manager. Do you think a junior project manager can easily run an Agile project? Think again. Agile projects can become too complex and easily go out of hand if you don’t have the right experience.
Can be labor intensive. As iterations are short (four weeks max, remember?), the teams might feel the pressure of having to deliver a complete product in a short time.
When Should You Use the Agile Methodology?
Recently chosen even by the Department of Defense (DOD) among all the other software development methodologies to keep up with new threats, Agile is perfect for:
Projects related to a new niche where market needs are still unknown.
Fast-growing technology products requiring frequent improvements on the go.
Urgent, unstructured, complex projects of any size.
Perfect for low-code projects as its practices are similar to those highlighted by the Agile manifesto.
2. Scrum
Did you know that teams that choose to fully embrace Scrum as their sole software development methodology have 250% higher work quality compared to those utilizing only part of the Scrum process (i.e., hybrid method)?
Built on the Agile principles, and highly flexible, each sprint is worked on by a focused and self-organized development team guided by the Scrum master. The client is represented by a product owner who in charge of translating requirements into user stories (i.e., a brief description of a feature from the client’s point of view).
Scrum Methodology’s Pros
Problems are fixed quickly. In 2022, 25,096 new vulnerabilities were discovered. That’s 24.2% more than the previous year. Ensuring that security flaws are addressed as earlier as possible in the software development life cycle (SDLC) has therefore become imperative. Short iterations allow you to do exactly that.
Everyone is always on the same page. Frequent meetings (e.g., sprint planning, daily standups, and reviews) ensure that each team member remains up to date and motivated.
Changes aren’t an issue. Did the customer decide to add a new requirement? Scrum is agile in nature, too! Make the magic happen. Add a new task and prioritize it in the next sprint.
Scrum Methodology’s Cons
Daily meetings can be a burden. “Dailies” are a double-edged sword. They’re great for sharing project quick status updates, but if badly managed, they can also become tedious repetitions of things that people already know. The solution? Add a visual board to keep people focused on what matters.
Isn’t suitable for less skilled developers. Working on short sprints means that developers will have to concentrate a high amount of work in a bat of an eye. Want to meet tight deadlines? You’ll need team members able to handle tasks quickly and without support.
It requires a change of mindset. I remember when one of the organizations I was working for decided to implement Scrum. Teams were reorganized and new processes were implemented. Managers had to stop micromanaging, and team members had to change how they approached work. It wasn’t easy at the beginning, but it was well worth it.
When Should You Use the Scrum Methodology?
Imagine that a client asked you to create a restaurant table booking application to help him get more customers, but he doesn’t know what he wants. The client throws a few ideas at you and says: “Let’s see how it works and go from there once I have seen the first working software.” In other words, do something, I’ll test it and then I’ll ask you to change it again. This is a good example of a project where the Scrum approach would work. And there are more:
Small/medium and fast-paced projects with tight deadlines.
Projects with highly experienced and fully committed teams.
Activities where requirements are vague and change frequently.
3. Lean
Want to reduce waste (e.g., time and resources) and enhance efficiency? This might be one of the software development methodologies for you. Based on the Agile philosophy, and on the Japanese car manufacturing Toyota’s principles, Lean gets rid of all non-productive tasks. In such a manner, developers can focus on boosting the quality of their work and identify bottlenecks.
Lean has a very short development iteration (1-2 weeks). Once a minimum viable product is produced, it’s improved based on customer feedback and market trends.
Users are engaged at every phase of the process, and team members work in small groups to enhance interaction. Communication among teams is emphasized and viewed as a gesture of mutual respect, like in Japanese society.
Lean Methodology’s Pros
Get more value with less effort. Cut all the nonsense (e.g., unnecessary documentation, and repetitive tasks) bringing no value to the final product. Eliminate redundant code that could introduce security issues. You’ll get more valuable software at a reduced cost, in a fraction of the time.
Increase motivation among teams. Team members will be more independent and won’t have to follow top-down directives. The developers will be free to decide what’s best and create their own solutions. Wouldn’t this make you feel empowered and motivated?
Flexibility is king. Unlike other software development methodologies, Lean doesn’t have a fixed project vision. Valid alternatives stay on the table until it’s time to make a decision. Isn’t this a valuable factor in uncertain or highly changing environments?
Lean Methodology’s Cons
It’s easy to get off track. Not having a strategy can be helpful in some cases but, in others, teams could easily lose sight of the final goal and pick the wrong tasks to focus on.
Lean isn’t for the faint-hearted. Did you know that in 2022, 74% of data breaches were caused by human errors? Can you imagine the level of stress a new developer would suffer realizing that a wrong decision could jeopardize the success of the project?
Deadlines are incredibly tight. Have you ever tried to create a simple, high-quality, working piece of code in two weeks? It’s tough, even for the most seasoned developers. Don’t get me wrong, it’s feasible, but only if you have highly motivated and skilled teams.
When Should You Use the Lean Methodology?
Let’s go back to our beloved table booking application example. This time the client requesting it just opened a taco bar in a small village. As it’s the only Mexican eatery for miles, the owner has been immediately overwhelmed by bookings. He needs some form of automation. However, like many new businesses, he’s cash-strapped, and can only afford something basic and cheap, but he needs it fast.
This is an example where the Lean process could work just fine, as it’s great for:
Small projects with a tight budget.
Organizations with a newly created team.
Startups with small teams and highly motivated staff.
4. Feature Driven Development (FDD)
This approach is similar to Scrum, but with nearly no meetings and a greater focus on function. FDD is also one of those software development methodologies based on Agile principles. Development activities are broken down into a list of features. Each feature is built through an iterative process lasting no more than two weeks.
FDD Methodology’s Pros
More documentation and fewer meetings. Nearly all meetings and communications are replaced by comprehensive documentation; thus, the developers can work autonomously.
High scalability. Focuses on features that can be added as often and as many as needed. This makes it perfect for scalable, long-term projects.
Delivery is fast and frequent. Working software is delivered to the customer at the end of every short iteration.
FDD Methodology’s Cons
Complexity. As most communications are replaced by documentation, each iteration’s step must be perfectly defined to the last detail. And it ain’t easy.
Small projects are a no-no. Unlike Scrum, this methodology isn’t designed for small-size projects or those with a single developer.
Need a strong lead. To make it work, you’ll have to pick the right head developer. Why? Because they’ll be the conductor in charge of coordinating the tasks. If you pick the wrong person, you’ll have a mess on your hands.
When Should You Use the FDD Methodology?
Has your table-booking application has become so successful that a big corporation wants you to develop a luxury, features-rich version to implement on all their sites worldwide? FDD may be the best candidate among all the software development methodologies we’ve listed. And it can also be useful for:
Large and long-term projects.
Organizations with teams working mostly remotely (e.g., developers).
5. Waterfall
One of the most traditional and straightforward software development methodologies, it’s still used by 9.6% of organizations surveyed by GoodFirms. It’s a rigid, linear model — the opposite of Agile — and based on sequential phases. Each step has to be completed in the right order before starting the next one. The length of the development time varies from project to project.
Want to go back to add a feature or modify something? Too bad, you can’t, there’s no way back. This is why documentation, timeline, resources, and budget must be determined before starting the project. Working with Waterfall is a bit like working in a military base: everything is very organized, and the routine is dictated by strict rules.
Waterfall Methodology’s Pros
Includes clear plans and documentation. As everything is set before starting the project, goals, milestones, and tasks are crystal clear. No doubt, no danger of going off track anymore. Like when you follow your car’s GPS directions to get to a destination.
There’s no danger of going over budget. How many times have you seen projects go over budget, and unhappy customers get slapped with a hefty bill? This doesn’t happen with Waterfall. Cost estimations are prepared in advance, making waterfall one of the most accurate software development methodologies in that regard.
It’s easy to understand. Do you have a lot of newbies in your team and you’re worried that they won’t be able to rise to the challenge? No more worries. The linearity and transparency of the Waterfall process will keep many potential pitfalls away.
Waterfall Methodology’s Cons
There’s no room for unexpected changes. Waterfall’s plans and requirements are nearly carved in stone, but customers’ exigencies and markets aren’t. With such a rigid structure, complexity and changes aren’t welcome.
Trying to fix issues can be challenging. Did you identify a critical security issue? Fixing it isn’t going to be as simple as ABC. Why? Because tests are run at the end of the development process, leaving the teams with just a tiny time window to address it.
Could negatively impact your customer satisfaction. When was the last time you had a customer with a clear project vision from the very beginning? They’re as rare as white tigers. And, as the client won’t see the code until it’s ready, the peril of doing something they don’t like (requiring costly last-minute changes) is high.
When Should You Use the Waterfall Methodology?
Imagine for a moment that your boss wants to add two simple features to the table-booking application you created for a client a few months ago. The customer has provided an accurate explanation of their requirements. Would this be the right candidate for the Waterfall methodology? Yup, just like in the case of:
Projects with a clear set of requirements from the very beginning.
Products requiring comprehensive and detailed documentation.
Activities where the final product is based on familiar technology.
Small and medium size projects with a predictable outcome and a team of rookies.
6. SecDevOps
According to Barracuda, 73% of organizations were victims of a ransomware attack in 2022. To make things worse, Veeam discovered that the average downtime caused by such attacks is of 136 hours. That’s downright scary. Knowing this, security needs to be considered of the utmost importance for software developers.
Among all the software development methodologies in our list, SecDevOps is the one explicitly putting security first in every step of the development life cycle, from start to finish. It’s an augmentation of DevOps (already embraced by 45% of the teams that participated in Logz.io DevOps Pulse 2023).
Sometimes confused with this similar but slightly different twin DevSecOps, SecDevOps get the security, development, and operations teams working together in perfect harmony. The result? Secure, reliable, and high-quality products. Regular security checks are integrated at each step of the process. Critical flaws are identified, prioritized, and addressed on the go.
SecDevOps Methodology’s Pros
Produces exceptionally secure outputs. How? All vulnerabilities are either addressed before moving to the next stage of the SDLC, or they’re prioritized and included in the workflow as items to work on. This will enhance security and keep your technical debt at the bare minimum.
Increase the velocity of code delivery. In today’s highly competitive environment, it’s the early bird that gets the worm. Increasing cooperation between teams and fixing flaws earlier will save you tons of time (and pretty dollars) while dramatically reducing the time to release. No more eleventh-hour bad surprises.
Higher customer satisfaction. Your customers want only one thing from you: a secure, first-rate product delivered fast. And this is what they’ll get once you’ve successfully implemented SecDevOps.
SecDevOps Methodology’s Cons
You’ll have to invest in training. Want to put security first? Every single member of your teams, including developers, and the operations guys will have to be trained on security best practices (e.g. secure coding, database security).
Setting it up can be challenging. Only 14% of developers considered security a top priority in 2022. Big mistake. A secure code starts with developers too. How? To give you an idea, by signing codes with a trusted (i.e., issued by a certificate authority) digital certificate to prevent tampering and guarantee integrity.
It’s one of the most complex software development methodologies (but it’s worth it). Forget the simplicity of Waterfall — this is the complete opposite. Want to be able to constantly test and monitor every single development phase, keep security at the forefront, and anticipate unwanted issues? You’ll need tech-savvy, highly committed teams that also excel in innovation and communication.
When Should You Use the SecDevOps Methodology?
The correct answer? In virtually all medium and large projects. Like all the others on our list, SecDevOps can be applied together with any software development methodology you choose to enhance security and collaboration. Even in the case of our table booking application example? That’s elementary, Watson!
7. Spiral
Also mentioned in the National Institute of Standards and Technology (NIST)’s Secure Software Development Framework (SSDF), Spiral is an effective risk-driven approach based on a mix of Agile and Waterfall practices. It’s visually represented in a swirling, twisting spiral-like design (hence the name). Focusing on iteration and risk detection, each spiral corresponds to a step of the software development process, where prototypes are built and gradually refined. This enables your team to identify issues early and manage unanticipated risks.
Spiral Methodology’s Pros
Higher risk avoidance. Risk analysis is included in every step of the project from the beginning. Security flaws and bugs are identified and fixed as soon as they’re found.
It’s very flexible. Change requests based on feedback, new vulnerabilities, new features — you name it. Everything can be added or changed whenever it’s necessary without any hassle.
Can increase customer satisfaction (and abate costs). Clients can check the product (e.g., a prototype) during each phase of the development. This means that modifications can be made before the final release keeping your customer happy and saving you money and time.
Spiral Methodology’s Cons
You can’t do without risk assessment expertise. Want to be able to identify and correctly handle project pitfalls? You’ll have to fork out some money on a risk assessment expert.
It’s complicated. Just compare the Waterfall and Spiral graphics. Which one looks more complex? Spiral, right? So, remember, for such an intricated process to succeed, you must follow procedures and thoroughly document everything.
Time management can be an issue. Flexibility is great, but it also makes it nearly impossible to forecast the number of phases to complete before release. The consequences? Running behind schedule or going over budget.
When Should You Use the Spiral Methodology?
Imagine that a new potential customer approached you about the booking app you built for the local restaurant. This time it isn’t another mom-and-pop business; rather, a restaurant chain with hundreds of locations all over the country. Their requirements are different, and they don’t mind splashing out cash on countless new features.
Yes, it’ll probably take time and a lot of work but, if you get it right, it may translate into a lifetime contract and big bucks. Wouldn’t it be the perfect chance to give Spiral a try? When can you also use it?
For large, expensive, and complicated projects.
When are needed accurate risks and cost evaluations.
When changes can happen at any time.
8. Rapid Application Development (RAD)
The key word here with RAD is quick. Specifically designed for speed, each iteration of this software development methodology produces a prototype that is released to the customers for final testing. Once the feedback is collected, your team re-works the prototype. The same steps are followed until the released product fulfills all of your customer’s requirements and expectations.
But wait, has your client changed his mind about a feature or wants to add something else to it? No problem. You can squeeze it in in the next iteration. He’ll be delighted, and you won’t release something he isn’t comfortable with.
RAD Methodology’s Pros
Customers get involved from the beginning. Are you looking to produce software that’ll exceed your customers’ expectations? This is one of the software development methodologies that can make it happen. In fact, customers are actively involved throughout the whole SDLC by providing iterative feedback.
It’s extremely adaptable. Did you receive a new customer’s request during prototyping? You can still include it. Code building is left at the very end of the iteration.
Reduces development time (and costs). Teams are small, keeping the costs low. Working with prototypes and leaving code-building activities at the very last moment has another advantage. As the final prototype looks very closely to the final code, coding revisions are kept to the minimum, which saves you precious time.
RAD Methodology’s Cons
It depends a lot on active customer feedback. Do you have a prototype ready but you’re still waiting on customer input? Houston, we have a problem. To make this process work, you’ll need highly responsive customers ready to get involved from the very beginning.
Skilled developers and automation are an expensive must. Automation is among the top three CIO’s business initiatives driving investments in 2023. RAD is based on automation. But, automation requires upfront high expenditures in sophisticated development tools like computer-aided software system engineering (CASE) tools, advanced programming techniques, and skilled developers.
Not suitable for vitally important products. RAD is fast paced. It’s so fast that it isn’t recommended for some highly sensitive products where even a small oversight or glitch could put lives in danger. For instance, no one would build flight control software or pacemaker firmware following the RAD methodology as both would need much more time and accuracy.
When Should You Use the RAD Methodology?
Let’s look at the table booking application example again. After the latest MOVEit data breach affected thousands of well-known firms globally, your customers want a more secure app. You, therefore, add a layer of protection to the web application by ensuring that even those pages that aren’t transmitting highly sensitive data (e.g., credit card numbers) are encrypted using a transport layer security (TLS) protocol (formerly SSL, or secure sockets layer) and a strong hashing algorithm.
The RAD method will let you implement this change in no time. What else can it help you with?
Developing small and medium software applications on a tight deadline.
Being successful when dealing with projects requiring rapid changes on a budget.
Creating and releasing quick software updates.
OK, now that you have a complete pool of software development methodologies candidates, why should you bother changing the way your teams are working? There are several jolly good reasons. Let’s explore the four most important ones.
Why Should You Follow a Specific Software Development Methodology?
Yes, why shouldn’t software development teams just follow their guts or the same old routine instead of implementing something new that may take too long to learn, and restrict their autonomy and creativity?
Structure. A software development methodology will bring order and structure to an unorganized software development workflow. How can you keep track of customers’ shifting requests, changes in priorities, and bugs when your procedures are vague and based on habits?
Security. It’ll help you reduce exposures by ensuring that critical vulnerabilities are promptly identified and addressed. Goodbye, last-minute patches, and codes sprinkled with flaws!
Costs. Learning how to make the most of the people you have, you’ll create a five-star software program, fast, and at a lower cost. And this takes us to the next point.
Quality. Do you have an idea of how much poor-quality software costs the U.S. in 2022? Based on the last estimation, at least $2.41 trillion (according to CISQ). Software vulnerabilities and technical debt are two of the top root causes. Want to increase the quality of your codes? Follow one of the software development methodologies listed above.
So, there you have it. All you have to do is pick your favorite framework, give some structure to your tasks, and create superior, secure codes while reducing the overall development costs. Boom! You’re on the right track to generate outstanding products that’ll supersize your sales.
Final Thoughts on Software Development Methodologies
Using the right software development methodology is critical to the success of every software project. Because, as we’ve just learned, one size doesn’t fit all. Each methodology has its own strengths and weaknesses, and it can be more or less effective depending on the situation.
Large projects may benefit from implementing the Agile or Feature Driven Development methodology. Those requiring predictability, fewer adjustments, and a stable process may succeed following the more traditional Waterfall method.
Did you like different aspects of multiple software development methodologies but can’t land on just one to use? That’s alright. You can always take the hybrid approach: pick what you like from what you’ve just discovered, mix them together, et voila’ — you now have your very own software development process. As long as it’s repeatable and structured, it’ll work. Just be sure to integrate security throughout your process to avoid security-related headaches down the line.
Wait! Before you go, don’t forget that to develop secure and high-quality products, you need to:
Only then will your organization be ready to crank out more secure and successful software than ever.
Code Signing Best Practices
Want to keep your software and code safe?
Enter your contact information below below to receive your FREE Best Practices PDF:
Contact details collected by CodeSigningStore.com may be used to send you requested information, blog update notices, and for marketing purposes. Learn more…
New users – if this is your first time purchasing a cloud signing product from us, check the email address entered during enrollment for a message from DigiCert. Create your password and follow this guide.
Existing users – if you’ve purchased a cloud signing certificate in this account before, you already have an account. We’ve update your DigiCert CertCentral account to allow another Code Signing Certificate request. Login to your account here.
suspension note
In order to comply with U.S. export control and economic sanctions laws and regulations, as well as our corporate policies, we do not support users accessing our applications from Cuba, Iran, North Korea, Syria, and the regions of Crimea, Donetsk People’s Republic (DNR) and Luhansk People’s Republic (LNR) of Ukraine without prior approval from the U.S. government.
Please be aware that these restrictions apply even when a user is on temporary travel to embargoed regions although the user may not normally reside there. If you believe that you have reached this page in error, please reach out to support.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Token + Shipping
This is the simplest option and what we recommend for most customers. DigiCert will ship a USB eToken to you, then you’ll use DigiCert’s provided software to download and install the certificate onto your USB Token.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Use an Existing Token
If you already own a compatible USB eToken (SafeNet 5110 CC, SafeNet 5110 FIPS, or SafeNet 5110+ FIPS), you can use DigiCert’s provided software to download and install the certificate onto your USB token.
Advanced Option: Install on a Hardware Security Module (HSM)
If you use a cloud or on-prem hardware security module (HSM), you can choose this option to download and install your certificate onto your HSM. DigiCert will send you an email asking you to confirm that your HSM meets the security standards, then they’ll deliver the certificate to you digitally for installation.
Any FIPS 140 Level 2, Common Criteria EAL 4+, or equivalent HSM is compatible for this option. You can use an HSM you manage directly or you may use a key storage/vault solution that uses a compliant HSM (for example, Azure Key Vault or AWS KMS).
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Sectigo on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose this option to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.
Code Signing Certificate Delivery Options
Industry standards set by the CA/B Forum now require that all code signing certificate keys be stored on a FIPS-compliant hardware security module (HSM) or hardware token. This is an industry-wide countermeasure against the rise in breaches associated with stolen signing keys. Only certificates that follow these requirements will be trusted by Microsoft Windows and other platforms.
We offer several options to deliver your code signing certificate in compliance with these new requirements:
Easiest Option: Get your certificate shipped from Comodo CA on a USB token
This is the simplest option and what we recommend for most customers. Just choose one of these options to have your code signing certificate and key shipped to you on a FIPS-compliant eToken (USB token):
Delivery Option
Shipping Details
USB Token + Shipping (US)
Ground shipping to addresses within the United States.
USB Token + Expedited Shipping (US)
Air express shipping to addresses within the United States.
USB Token + International Shipping (non-US)
Choose this option if your shipping address is not in the United States.
You’ll be able to plug the USB token into your computer or server then sign files using your preferred tool (eg. SignTool.exe, JarSigner, etc.)
Advanced Option: Install on your own HSM or hardware token
If you already own a compliant token or HSM, you can choose “Install on Existing HSM” to download and install the certificate onto your supported device:
Luna Network Attached HSM V7.x
YubiKey 5 FIPS Series
Only the listed models are compatible. For compatibility with other HSM models, please choose a DigiCert or GoGetSSL code signing certificate.