
Benchmarking SDL and CLASP lifecycle

Abstract

Processes for secure software development play a crucial role in the software lifecycle. They help organizations meet security requirements throughout the development lifecycle. Among these processes, OWASP's CLASP and Microsoft's SDL are leaders for security support in the software lifecycle. This has prompted researchers to compare and evaluate these two approaches in order to use them in an opportunistic manner. However, these studies focus mainly on the activities identified in each of these approaches. We think that the interested parties' point of view is important. So, our research question is: what are the main concerns of the various stakeholders in a secure development lifecycle, and how do SDL and CLASP contribute to meeting these concerns? This paper aims to study and compare the two approaches by considering three viewpoints: the security and security audit viewpoint, the software engineering viewpoint and the decider viewpoint, according to the stakeholders involved in these processes. Our comparison is based on a number of criteria that we classified according to these 3 viewpoints.