Title :
On the Secure Software Development Process: CLASP and SDL Compared
Author :
Grégoire, Johan ; Buyens, Koen ; De Win, B. ; Scandariato, Riccardo ; Joosen, Wouter
Author_Institution :
K.U. Leuven, Leuven
Abstract :
Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies and techniques for secure software engineering, yet complete, dedicated processes have been proposed only recently. In this paper, two high-profile processes for the development of secure software, namely OWASP´s CLASP and Microsoft´s SDL, are evaluated and compared in detail. The paper identifies the commonalities, discusses the specificity of each approach, and proposes suggestions for improvement.
Keywords :
software engineering; comprehensive lightweight application security process; security development lifecycle; security requirements; software construction; software development process; software engineering; Best practices; Books; Computer science; Counting circuits; Documentation; Guidelines; Programming; Risk management; Security; Software engineering;
Conference_Titel :
Software Engineering for Secure Systems, 2007. SESS '07: ICSE Workshops 2007. Third International Workshop on
Conference_Location :
Minneapolis, MN
Print_ISBN :
0-7695-2952-6
DOI :
10.1109/SESS.2007.7
