CLASP and SDL compared
Written by Division by Zero   
Monday, 13 September 2010 20:43

Wondering about which Secure Development Process is best applicable, I wanted to compare Microsoft's SDL and OWASP's CLASP. After a short search I found a paper which already did this, or at least in part. Here's the conclusion from the paper:

"This paper compares two high-profile development processes for secure software, in a theoretical way. The general characteristics of the processes have been described as well as the specific differences over the various development phases, from the perspective of process activities. In summary, it is fair to say that SDL offers a well guided process that is targeted at security as a supporting software quality, while CLASP addresses security from a broader perspective and it can be flexibly tailored to the specific development environment. Apart from this theoretical evaluation, experimental assessment in concrete products will clearly provide additional validation of both approaches. As ongoing research, the authors are working on combining the strong points of both approaches in order to distill an improved, consolidated process. This requires addressing, as well as validating, most of the areas of improvement that were discussed in the second part of the paper."

Personally I lean towards CLASP, because it is really more comprehensive and clearer on who has to do what. But I guess that's probably mostly a matter of taste. Choosing one or the other will help you be more secure, that's a given. Here's a link to the paper in case the links above stop working.

© 2009 - 2012, Division by Zero
This work by Division by Zero is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Netherlands License.