Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Comcast/xCompass
This repository hosts a persona based privacy threat modeling solution called Models of Applied Privacy or MAP.
privacy privacy-by-design privacy-engineering threat-modeling
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/Comcast/xCompass
- Owner: Comcast
- License: apache-2.0
- Created: 2022-11-03T19:08:07.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2024-10-29T13:24:36.000Z (about 1 month ago)
- Last Synced: 2024-10-29T14:35:06.934Z (about 1 month ago)
- Topics: privacy, privacy-by-design, privacy-engineering, threat-modeling
- Homepage:
- Size: 18.5 MB
- Stars: 18
- Watchers: 7
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE-Apache-2.0
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
- Roadmap: ROADMAP.md
Awesome Lists containing this project
- awesome-privacy-engineering - xCompass - A privacy threat modeling persona framework that developers can use to test and document privacy threats, and find edge cases of privacy harm (formerly named Models of Applied Privacy (MAP)). (Awesome Privacy Engineering [![Awesome](https://awesome.re/badge.svg)](https://awesome.re) / Privacy Threat Modeling)
README
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/Comcast/xCompass/badge)](https://securityscorecards.dev/viewer/?uri=github.com/Comcast/xCompass)
# xCOMPASS (COMcast Privacy ASSistant)
xCOMPASS is a questionnaire developed from Models of Applied Privacy (MAP) personas. Alongside the increasing awareness of data privacy, Privacy Threat Modeling (PTM) is part of the software development lifecycle (SDL). Unfortunately, PTM comes with the following limitations. First, it relies mostly on human experts (i.e., threat modelers) and requires much manual effort. Second, it is usually performed late in the SDL pipeline, by which point much development work has been finished. Third, the app developer is usually not familiar with the privacy principles (e.g., privacy laws) that can guide the development process. To address these problems, xCOMPASS presents a lightweight questionnaire (i.e., yes-no questions), identifies privacy requirements based on the answers, and maps the requirements to privacy principles (e.g., privacy laws) and mitigation strategies (e.g., de-identification).
For more information, please follow these links:
- [xCOMPASS questionnaire](https://github.com/Comcast/xCOMPASS/tree/main/questionnaire)
- [MAP personas](https://github.com/Comcast/xCOMPASS/tree/main/personas)
# Quickstart
Please stay tuned! This section is a work in progress. :grin:
# Who Can Benefit
Please stay tuned! This section is a work in progress. :grin:
# What I Can Do with It
Please stay tuned! This section is a work in progress. :grin:
# Contribution
We welcome all kinds of contributions to this repository! Please have a look at [CONTRIBUTING.md](https://github.com/Comcast/xCompass/blob/main/CONTRIBUTING.md) for further information and guidelines.
# Maintainers
The list of maintainers of this GitHub repository is available in [MAINTAINERS.md](https://github.com/Comcast/xCOMPASS/blob/main/MAINTAINERS.md). Please consider becoming a maintainer! :smiley:
# Roadmap
Roadmap information is available in [ROADMAP.md](https://github.com/Comcast/xCOMPASS/blob/main/ROADMAP.md).
# List of Publications
Jayati Dev, Bahman Rashidi, Vaibhav Garg. [Models of Applied Privacy (MAP): A Persona Based Approach to Threat Modeling.](https://dl.acm.org/doi/fullHtml/10.1145/3544548.3581484) In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (CHI '23).
# List of Talks
- Rahmadi Trimananda. [The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe!](https://www.usenix.org/conference/soups2024/technical-sessions) USENIX SOUPS 2024 Lightning Talks.
- Rahmadi Trimananda. [The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe!](https://digitalprivacy.ieee.org/events/digital-privacy-workshop) IEEE Digital Privacy Workshop 2024.
- Rahmadi Trimananda. [The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe!](https://lascon.org/speakers/) OWASP LASCON 2024.
# Visibility on Other Websites
xCOMPASS has been proudly listed as an open-source privacy engineering requirements identification tool on various websites, including:
- [NIST Privacy Risk Assessment Tools](https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/collaboration-space/privacy-risk-assessment/tools)
- [CISA Free Cybersecurity Services and Tools](https://www.cisa.gov/resources-tools/services/xcompass)
- [OWASP Free for Open Source Application Security Tools](https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools)
# License
Licensed under [Apache 2.0](https://github.com/Comcast/MAP/blob/main/LICENSE-Apache-2.0).