On the secure software development process: CLASP, SDL and Touchpoints compared

On the secure software development process: CLASP, SDL and Touchpoints compared

Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies an...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Information and software technology 2009-07, Vol.51 (7), p.1152-1171
Hauptverfasser: De Win, Bart, Scandariato, Riccardo, Buyens, Koen, Grégoire, Johan, Joosen, Wouter
Format: Artikel
Sprache:eng
Schlagworte:
CLASP
Commonality
Comparative analysis
Computer information security
Computer programs
Construction
Cybersecurity
Organizations
SDL
Secure software
Software
Software development
Software engineering
Software process
Studies
Systems development
Touchpoints
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies and techniques for secure software engineering, yet dedicated processes have been proposed only recently. In this paper, three high-profile processes for the development of secure software, namely OWASP’s CLASP, Microsoft’s SDL and McGraw’s Touchpoints, are evaluated and compared in detail. The paper identifies the commonalities, discusses the specificity of each approach, and proposes suggestions for improvement.
ISSN:0950-5849
1873-6025
DOI:10.1016/j.infsof.2008.01.010