Process innovation: reengineering work through information technology
The unified software development process
Extreme programming explained: embrace change
Building secure software: how to avoid security problems the right way
Writing Secure Code
Software Security: Building Security In
The Security Development Lifecycle
Security Metrics: Replacing Fear, Uncertainty, and Doubt
SP 800-27 Rev. A. Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A
ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Applying an open application security process to a clinical information system: a case study
Proceedings of the 2008 C3S2E conference
Integrating web application security into the IT curriculum
SIGITE '08 Proceedings of the 9th ACM SIGITE conference on Information technology education
Secure Software Engineering: Learning from the Past to Address Future Challenges
Information Security Journal: A Global Perspective
Research on software design level security vulnerabilities
ACM SIGSOFT Software Engineering Notes
RUP-based process model for security requirements engineering in value-added service development
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
Pattern-Based context establishment for service-oriented architectures
Software Service and Application Engineering
Building Secure Software Using XP
International Journal of Secure Software Engineering
Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support for meeting security requirements. Over the years, research effort has been invested in specific methodologies and techniques for secure software engineering, yet complete, dedicated processes have been proposed only recently. In this paper, two high-profile processes for the development of secure software, namely OWASP's CLASP and Microsoft's SDL, are evaluated and compared in detail. The paper identifies their commonalities, discusses what is specific to each approach, and proposes suggestions for improvement.