On the secure software development process: CLASP, SDL and Touchpoints compared
B De Win, R Scandariato, K Buyens, J Grégoire… - Information and software …, 2009 - Elsevier
B De Win, R Scandariato, K Buyens, J Grégoire, W Joosen
Information and software technology, 2009•ElsevierDevelopment processes for software construction are common knowledge and mainstream
practice in most development organizations. Unfortunately, these processes offer little
support in order to meet security requirements. Over the years, research efforts have been
invested in specific methodologies and techniques for secure software engineering, yet
dedicated processes have been proposed only recently. In this paper, three high-profile
processes for the development of secure software, namely OWASP's CLASP, Microsoft's …
practice in most development organizations. Unfortunately, these processes offer little
support in order to meet security requirements. Over the years, research efforts have been
invested in specific methodologies and techniques for secure software engineering, yet
dedicated processes have been proposed only recently. In this paper, three high-profile
processes for the development of secure software, namely OWASP's CLASP, Microsoft's …
Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies and techniques for secure software engineering, yet dedicated processes have been proposed only recently. In this paper, three high-profile processes for the development of secure software, namely OWASP’s CLASP, Microsoft’s SDL and McGraw’s Touchpoints, are evaluated and compared in detail. The paper identifies the commonalities, discusses the specificity of each approach, and proposes suggestions for improvement.
Elsevier