Benchmarking SDL and CLASP lifecycle

Processes for secure software development play a crucial role in the software lifecycle: they help organizations meet security requirements throughout development. Among these processes, OWASP's CLASP and Microsoft's SDL are the leading approaches for security support in the software life cycle. This has prompted researchers to compare and evaluate the two approaches so that they can be used opportunistically. However, these studies focus mainly on the activities identified in each approach. We think that the stakeholders' point of view is also important. Our research questions are therefore: what are the main concerns of the various stakeholders in a secure development lifecycle, and how do SDL and CLASP contribute to meeting these concerns? This paper studies and compares the two approaches from three viewpoints, corresponding to the stakeholders involved in these processes: the security and security audit viewpoint, the software engineering viewpoint, and the decider viewpoint. Our comparison is based on a number of criteria that we classify according to these three viewpoints.
