Prescriptive vs. Descriptive Security

Observations on a growing paradigm shift in development security practices

  • Schwerpunkt
Datenschutz und Datensicherheit - DuD

Abstract

Over the past decade, a variety of methods have been created to address security vulnerabilities in application software development. Generally speaking, the methods that have risen to prominence can be categorized in two ways — prescriptive methods that emphasize the use of security practices and techniques as part of a carefully monitored and repeatable security initiative, and descriptive methods that describe a set of security threats that should be addressed.

Additional information

David C. Ladd is a Principal Group Program Manager at Microsoft. He drives Microsoft’s SDL program for third-party developers and oversees program management for developer security tools used with SDL.

Steven B. Lipner is Senior Director of Security Engineering Strategy, Microsoft’s Trustworthy Computing Group. He is responsible for Microsoft’s Security Development Lifecycle team.

About this article

Cite this article

Ladd, D.C., Lipner, S.B. Prescriptive vs. Descriptive Security. Datenschutz Datensich 36, 631–634 (2012). https://doi.org/10.1007/s11623-012-0216-1

  • DOI: https://doi.org/10.1007/s11623-012-0216-1
