Application security is hard, but there are some best practices to help you achieve it: automate as much as possible, build security as a guardrail instead of a gate, select solutions that provide easily understood insights, and make security adaptable, scalable, and reliable.
Evaluation and Risk Analysis: Risk analysis includes identifying, estimating, and observing technical feasibility, including schedule slippage and cost overrun. After the build is tested, at the end of the first iteration, the user evaluates the software and provides feedback. Based on the customer's assessment, the development process enters the next iteration and then follows the linear approach to implement the feedback provided by the user. The iterations along the spiral carry on throughout the life of the software.