On the Secure Software Development Process: CLASP and SDL Compared

Authors:
Johan Gregoire;Koen Buyens;Bart De Win;Riccardo Scandariato;Wouter Joosen
Affiliations:
K.U. Leuven, Belgium;K.U. Leuven, Belgium;K.U. Leuven, Belgium;K.U. Leuven, Belgium;K.U. Leuven, Belgium
Venue:
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Year:
2007

Citing 10
Cited 8

Process innovation: reengineering work through information technology

Process innovation: reengineering work through information technology
The unified software development process

The unified software development process
Extreme programming explained: embrace change

Extreme programming explained: embrace change
Building secure software: how to avoid security problems the right way

Building secure software: how to avoid security problems the right way
Writing Secure Code

Writing Secure Code
Correctness by Construction: Developing a Commercial Secure System

IEEE Software
Software Security: Building Security In

Software Security: Building Security In
The Security Development Lifecycle

The Security Development Lifecycle
Security Metrics: Replacing Fear, Uncertainty, and Doubt

Security Metrics: Replacing Fear, Uncertainty, and Doubt
SP 800-27 Rev. A. Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A

SP 800-27 Rev. A. Engineering Principles for Information Technology Security (A Baseline for Achieving Security), Revision A

The 3rd International Workshop on Software Engineering for Secure Systems SESS07--Dependable and Secure

ICSE COMPANION '07 Companion to the proceedings of the 29th International Conference on Software Engineering
Applying an open application security process to a clinical information system: a case study

Proceedings of the 2008 C3S2E conference
Integrating web application security into the IT curriculum

SIGITE '08 Proceedings of the 9th ACM SIGITE conference on Information technology education
Secure Software Engineering: Learning from the Past to Address Future Challenges

Information Security Journal: A Global Perspective
Research on software design level security vulnerabilities

ACM SIGSOFT Software Engineering Notes
RUP-based process model for security requirements engineering in value-added service development

IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
Pattern-Based context establishment for service-oriented architectures

Software Service and Application Engineering
Building Secure Software Using XP

International Journal of Secure Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies and techniques for secure software engineering, yet complete, dedicated processes have been proposed only recently. In this paper, two high-profile processes for the development of secure software, namely OWASP's CLASP and Microsoft's SDL, are evaluated and compared in detail. The paper identifies the commonalities, discusses the specificity of each approach, and proposes suggestions for improvement.