On the secure software development process: CLASP, SDL and Touchpoints compared

Artigo Acesso aberto Revisado por pares

On the secure software development process: CLASP, SDL and Touchpoints compared

2008; Elsevier BV; Volume: 51; Issue: 7 Linguagem: Inglês

10.1016/j.infsof.2008.01.010

ISSN

1873-6025

Autores

Bart De Win, Riccardo Scandariato, Koen Buyens, Johan Grégoire, Wouter Joosen,

Tópico(s)

Digital and Cyber Forensics

Resumo

Development processes for software construction are common knowledge and mainstream practice in most development organizations. Unfortunately, these processes offer little support in order to meet security requirements. Over the years, research efforts have been invested in specific methodologies and techniques for secure software engineering, yet dedicated processes have been proposed only recently. In this paper, three high-profile processes for the development of secure software, namely OWASP's CLASP, Microsoft's SDL and McGraw's Touchpoints, are evaluated and compared in detail. The paper identifies the commonalities, discusses the specificity of each approach, and proposes suggestions for improvement.

Ver no editor

Altmetric

PlumX

Entrar

Lembrar minha senha

Receber meu e-mail de confirmação

On the secure software development process: CLASP, SDL and Touchpoints compared