
A Taste of Privacy Threat Modeling

2023-02-15

Authors:   Kim Wuyts


Summary

The presentation discusses the importance of threat modeling in ensuring privacy and security in software development. It highlights the different approaches and resources available for successful threat modeling.
  • Threat modeling is crucial for ensuring privacy and security in software development
  • There are different approaches and resources available for successful threat modeling, such as the Threat Modeling Manifesto, LINDDUN, and STRIDE
  • Threat modeling should be done early in the development cycle, but it's never too late to do it
  • Threat modeling should be a continuous process and the output should be used as input for subsequent steps
  • Threat modeling can be easy and fun, as illustrated by the example of analyzing a doll's privacy risks
The presentation uses the example of a doll called My Friend Cayla, which was banned in Germany due to privacy concerns. The doll is a Bluetooth-enabled device that sends voice recordings to a back-end system for processing. The presentation uses this example to illustrate the importance of understanding the system's data flow and identifying potential privacy risks.

Abstract

Join us for a delicious journey into the world of privacy engineering! As data protection legislation becomes increasingly prevalent, it's more important than ever to understand how to keep your software systems safe from privacy threats. In this talk, we'll explore what privacy is all about, why it matters, and how threat modeling can help you introduce it early on in the software development lifecycle. We'll tackle some common misconceptions about privacy and threat modeling along the way. And we'll talk about ice cream. Yum!
