An Automatic Approach to Aid Process Integration within a Secure Software Processes Family

  • Jia-kuan Ma
  • Ya-sha Wang
  • Lei Shi
  • Hong Mei
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6195)


Defining secure processes is an important means of assuring software security. A wealth of dedicated secure processes has emerged in recent years. These processes are similar to some extent but differ from one another in detail; conceptually, they can be regarded as a so-called "Process Family". In order to integrate practices from different family members, and thereby improve efficiency and effectiveness compared with using a single process, in this paper we propose an automatic approach to implementing the integration of three leading secure processes, namely CLASP, SDL and Touchpoints. Moreover, we select a module from an e-government project in China and conduct an exploratory experiment to compare our approach with cases in which a single secure process is employed. The empirical result confirms the positive effects of our approach.


Keywords: Secure software process, Process family, Process integration





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

Jia-kuan Ma, Ya-sha Wang, Lei Shi, Hong Mei: Key Laboratory of High Confidence Software Technologies, Ministry of Education, School of Electronics Engineering and Computer Science, Peking University, Beijing, China
