Handbook
Spiral Model
The **Spiral Model** (Barry Boehm, 1986) is a **risk-driven** software development process that combines elements of **iterative** development with **systematic** risk management. Work progresses thro
Spiral Model
What it is
The Spiral Model (Barry Boehm, 1986) is a risk-driven software development process that combines elements of iterative development with systematic risk management. Work progresses through repeated spirals (cycles), each passing through four quadrants: determine objectives, identify and resolve risks, develop and test, and plan the next iteration. Each spiral produces a progressively more complete version of the product.
It is not a simple waterfall or a lightweight Agile cadence. It is a strong fit when high-risk, large-scale, or safety-critical systems require systematic risk analysis before committing resources to each development phase.
Process diagram (handbook)
Each spiral passes through four quadrants; the radius grows with cumulative cost and progress. Risk analysis gates each cycle.
Authoritative sources (external)
| Resource | Executive summary (why it's linked here) |
|---|---|
| Wikipedia — Spiral model | Stable overview of Boehm's model—quadrants, risk-driven cycles, history, and comparison with other lifecycles. |
| Wikipedia — Barry Boehm | Author biography—context for the model's origins in defense/aerospace software. |
| SEI/CMU — Spiral Model resources | Software Engineering Institute — research and publications on risk-driven processes; search for "spiral model" for relevant papers. |
Paper: Boehm, B.W. "A Spiral Model of Software Development and Enhancement," IEEE Computer, 21(5), May 1988 — the canonical publication.
Core structure (summary)
Four quadrants (per spiral)
| Quadrant | Activities |
|---|---|
| 1 — Determine objectives | Define goals, alternatives, and constraints for this cycle. |
| 2 — Identify & resolve risks | Risk analysis, prototyping, simulation, benchmarking — address top risks before committing to build. |
| 3 — Develop & test | Design, code, integrate, and verify the increment. |
| 4 — Plan next iteration | Review results, get stakeholder commitment, plan the next spiral. |
Key characteristics
| Characteristic | Description |
|---|---|
| Risk-driven | Risk analysis determines the effort and approach for each cycle; high-risk items are addressed first. |
| Iterative | Multiple spirals, each producing a more complete product; not a single pass. |
| Anchor-point milestones | Life Cycle Objectives (LCO), Life Cycle Architecture (LCA), Initial Operational Capability (IOC) — stakeholder commitment gates. |
| Flexible | Subsumes other models: a spiral can contain a waterfall phase, a prototype, an Agile iteration, or a formal review. |
| Cumulative cost | The spiral's radius represents cumulative project cost and progress. |
Mapping to this blueprint's SDLC
Software development lifecycle (SDLC) uses Phases A–F (discover → release). The Spiral Model maps as multiple passes through these phases, with risk analysis gating each pass:
| Spiral idea | Blueprint touchpoint |
|---|---|
| Objectives + constraints (Q1) | Phase A–B: discovery, requirements, feasibility in docs/requirements/. |
| Risk analysis + prototyping (Q2) | Phase B–C: risk register, proof-of-concept, design alternatives. |
| Development + testing (Q3) | Phase C–E: build, verify, integrate — scope depends on the spiral. |
| Planning + review (Q4) | Phase E–F + next A: review, stakeholder commit, plan next cycle. |
| Anchor-point milestones | Phase gates: LCO ≈ end of discovery, LCA ≈ architecture approved, IOC ≈ first operational release. |
Each spiral may be short (weeks for a prototype) or long (months for a safety-critical build phase). The key is that risk analysis precedes commitment in every cycle.
Agentic SDLC: Spiral + agents + tracking
| Topic | Guidance |
|---|---|
| Risk analysis | Agents can assist with automated risk scanning (dependencies, security, complexity metrics) but human judgment drives risk prioritization and resolution strategy. |
| Prototyping | Agents can rapidly generate prototypes for risk reduction; ensure prototypes are disposable (not accidentally promoted to production). |
| Anchor-point reviews | Stakeholder commitment at LCO/LCA/IOC is a human decision; agents can prepare evidence packages. |
| Tracking | Each spiral should be trackable as a milestone or iteration in the tracking spine; risk register updates are explicit artifacts. |
Spiral vs other methodologies
| Comparison | Relationship |
|---|---|
| Spiral → Phased | Phased delivery is a single pass; Spiral is multiple passes with risk gates. A phased project can use Spiral thinking by adding risk analysis before each phase gate. |
| Spiral → Agile | Agile iterations can be viewed as lightweight spirals where risk analysis is implicit in demo/retro feedback. Spiral makes risk management explicit and systematic. |
| Spiral → V-Model | V-Model pairs development with testing levels; Spiral adds risk-driven iteration and prototyping to the verification structure. |
Ceremonies
Methodology-neutral intent types (Align, Commit, Sync, …) live in Ceremony foundation (methodology-neutral). Spiral events mapped to those intents: Spiral ceremonies → ceremony foundation.
Prescriptive deep dive (teams)
Package Spiral Model — deep-dive package (blueprint) — foundation fit, roles (risk analyst, chief architect, project manager, stakeholders), ceremonies (risk review, anchor-point review, prototype demo, spiral planning), process maps.
Further reading
- Wikipedia — Spiral model — Overview of quadrants and history.
- IEEE — Boehm's 1988 paper — Original publication (may require IEEE access).
- Companion: Phased delivery, Agile umbrella, Agentic SDLC
Canonical source
Edit https://github.com/autowww/blueprints/blob/main/sdlc/methodologies/spiral.md first; regenerate with docs/build-handbook.py.