EVALUATING THE EFFECTIVENESS OF A COMPREHENSIVE LIGHTWEIGHT APPLICATION SECURITY PROCESS FRAMEWORK IN CAPTURING SECURITY REQUIREMENTS AMONG NOVICE DEVELOPERS
DOI: https://doi.org/10.32890/jdsd2025.3.1.9

Abstract
Existing evaluations of security requirements frameworks often focus narrowly on the act of capturing security requirements, leaving gaps in our understanding of their effectiveness and usability. This study investigates the effectiveness and usability of the Comprehensive, Lightweight Application Security Process (CLASP) framework in capturing and documenting security requirements, particularly for novice developers. Specifically, it examines how effective and usable the CLASP framework is in helping novice developers identify security requirements. The study employed an experimental methodology: participants were divided into groups, given structured educational materials, and guided through the CLASP framework using a controlled case study. Participants prepared security requirements by completing the CLASP templates, and the framework's effectiveness was evaluated using task completion rates and "task with error" analysis. CLASP's usability was evaluated with the System Usability Scale (SUS). Using an online bakery system as the case study, 55 undergraduate students assessed CLASP's effectiveness and usability in terms of documentation quality and overall usability in enhancing the identification of security requirements. Results indicate high usability scores, particularly for novice developers, and validate the efficiency of the CLASP framework. However, limitations such as the small sample size, reliance on self-reported feedback, and the focus on a single case study are acknowledged. The findings contribute to the existing body of knowledge by providing empirical evidence of CLASP's impact on improving security documentation practices.
License
Copyright (c) 2025 Mohamad Hafizal Ahmad Fauzi, Nor Laily Hashim

This work is licensed under a Creative Commons Attribution 4.0 International License.