• DocumentCode
    3062011
  • Title

    On the Secure Software Development Process: CLASP and SDL Compared

  • Author

    Grégoire, Johan ; Buyens, Koen ; De Win, B. ; Scandariato, Riccardo ; Joosen, Wouter

  • Author_Institution
    K.U. Leuven, Leuven
  • fYear
    2007
  • fDate
    20-26 May 2007
  • Firstpage
    1
  • Lastpage
    1
  • Abstract
    Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies and techniques for secure software engineering, yet complete, dedicated processes have been proposed only recently. In this paper, two high-profile processes for the development of secure software, namely OWASP's CLASP and Microsoft's SDL, are evaluated and compared in detail. The paper identifies the commonalities, discusses the specificity of each approach, and proposes suggestions for improvement.
  • Keywords
    software engineering; comprehensive lightweight application security process; security development lifecycle; security requirements; software construction; software development process; software engineering; Best practices; Books; Computer science; Counting circuits; Documentation; Guidelines; Programming; Risk management; Security; Software engineering;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Software Engineering for Secure Systems, 2007. SESS '07: ICSE Workshops 2007. Third International Workshop on
  • Conference_Location
    Minneapolis, MN
  • Print_ISBN
    0-7695-2952-6
  • Type

    conf

  • DOI
    10.1109/SESS.2007.7
  • Filename
    4273327