Title :
Benchmarking SDL and CLASP lifecycle
Author :
El rhaffari, Ikram ; Roudies, Ounsa
Author_Institution :
Ecole Mohammadia d'Ing., Mohammed V-Agdal Univ., Agdal, Morocco
Abstract :
Processes for secure software development play a crucial role in the software lifecycle. They help organizations to meet security requirements throughout the development lifecycle. Among these processes, OWASP's CLASP and Microsoft's SDL are leaders for security support in the software life cycle. This has prompted researchers to compare and evaluate these two approaches in order to use them in an opportunistic manner. However, these studies focus mainly on the activities identified in each of these approaches. We think that the interested parties' point of view is important. So, our research question is: what are the main concerns for the various stakeholders in a secure development lifecycle? And how do SDL and CLASP contribute to meeting these concerns? This paper aims to study and compare the two approaches by considering three dimensional viewpoints: security and security audit viewpoint, software engineering viewpoint and decider viewpoint, according to the stakeholders involved in these processes. Our comparison is based on a number of criteria that we classified according to these 3 viewpoints.
Keywords :
benchmark testing; security of data; software performance evaluation; software product lines; Microsoft SDL lifecycle benchmarking; OWASP CLASP lifecycle benchmarking; decider viewpoint; secure software development lifecycle; security audit viewpoint; security requirements; security support; software engineering viewpoint; software lifecycle; Benchmark testing; Business; Documentation; Measurement; Optimization; Security; Software; Benchmark; CLASP; SDL; intentional; security; security audit; software lifecycle;
Conference_Title :
Intelligent Systems: Theories and Applications (SITA-14), 2014 9th International Conference on
Conference_Location :
Rabat
Print_ISBN :
978-1-4799-3566-6
DOI :
10.1109/SITA.2014.6847280