An Automatic Approach to Aid Process Integration within a Secure Software Processes Family

  • Conference paper
New Modeling Concepts for Today’s Software Processes (ICSP 2010)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 6195)

Abstract

Defining secure processes is an important means of assuring software security. A wealth of dedicated secure processes has emerged in recent years. These processes are similar to some extent but differ from one another in detail. Conceptually, they can be regarded as a so-called “Process Family”. To integrate practices from different family members, and to improve efficiency and effectiveness compared with using a single process, in this paper we propose an automatic approach to integrating the three forefront secure processes, namely CLASP, SDL and Touchpoints. Moreover, we select a module from an e-government project in China and conduct an exploratory experiment to compare our approach with cases in which a single secure process is employed. The empirical result confirms the positive effects of our approach.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ma, Jk., Wang, Ys., Shi, L., Mei, H. (2010). An Automatic Approach to Aid Process Integration within a Secure Software Processes Family. In: Münch, J., Yang, Y., Schäfer, W. (eds) New Modeling Concepts for Today’s Software Processes. ICSP 2010. Lecture Notes in Computer Science, vol 6195. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14347-2_17

  • DOI: https://doi.org/10.1007/978-3-642-14347-2_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14346-5

  • Online ISBN: 978-3-642-14347-2

  • eBook Packages: Computer Science, Computer Science (R0)
