https://github.com/Comcast/xCompass

This repository hosts a persona-based privacy threat modeling solution called Models of Applied Privacy, or MAP.

privacy privacy-by-design privacy-engineering threat-modeling


[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/Comcast/xCompass/badge)](https://securityscorecards.dev/viewer/?uri=github.com/Comcast/xCompass)

# xCOMPASS (COMcast Privacy ASSistant)


xCOMPASS is a questionnaire developed from Models of Applied Privacy (MAP) personas. As awareness of data privacy has increased, Privacy Threat Modeling (PTM) has become part of the software development lifecycle (SDL). Unfortunately, PTM comes with the following limitations. First, it mostly relies on human experts (i.e., threat modelers) and requires much manual effort. Second, it is usually performed late in the SDL pipeline, by which point much of the development work has been finished. Third, the app developer is usually not familiar with the privacy principles (e.g., privacy laws) that can guide the development process. To address these problems, xCOMPASS presents a lightweight questionnaire (i.e., yes-no questions), identifies privacy requirements based on the answers, and maps the requirements to privacy principles (e.g., privacy laws) and mitigation strategies (e.g., de-identification).

For more information, please follow these links:

- [xCOMPASS questionnaire](https://github.com/Comcast/xCOMPASS/tree/main/questionnaire)
- [MAP personas](https://github.com/Comcast/xCOMPASS/tree/main/personas)

# Quickstart

Please stay tuned! This section is a work in progress. :grin:

# Who Can Benefit

Please stay tuned! This section is a work in progress. :grin:

# What I Can Do with It

Please stay tuned! This section is a work in progress. :grin:

# Contribution

We welcome all kinds of contributions to this repository! Please have a look at [CONTRIBUTING.md](https://github.com/Comcast/xCompass/blob/main/CONTRIBUTING.md) for further information and guidelines.

# Maintainers

The list of maintainers of this GitHub repository is available in [MAINTAINERS.md](https://github.com/Comcast/xCOMPASS/blob/main/MAINTAINERS.md). Please consider becoming a maintainer! :smiley:

# Roadmap

Roadmap information is available in [ROADMAP.md](https://github.com/Comcast/xCOMPASS/blob/main/ROADMAP.md).

# List of Publications

Jayati Dev, Bahman Rashidi, Vaibhav Garg. [Models of Applied Privacy (MAP): A Persona Based Approach to Threat Modeling.](https://dl.acm.org/doi/fullHtml/10.1145/3544548.3581484) In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (CHI '23).

# List of Talks

- Rahmadi Trimananda. [The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe!](https://www.usenix.org/conference/soups2024/technical-sessions) USENIX SOUPS 2024 Lightning Talks.
- Rahmadi Trimananda. [The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe!](https://digitalprivacy.ieee.org/events/digital-privacy-workshop) IEEE Digital Privacy Workshop 2024.
- Rahmadi Trimananda. [The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe!](https://lascon.org/speakers/) OWASP LASCON 2024.

# Visibility on Other Websites

xCOMPASS has been proudly listed as an open-sourced privacy engineering requirements identification tool on various websites including:

- [NIST Privacy Risk Assessment Tools](https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/collaboration-space/privacy-risk-assessment/tools)
- [CISA Free Cybersecurity Services and Tools](https://www.cisa.gov/resources-tools/services/xcompass)
- [OWASP Free for Open Source Application Security Tools](https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools)

# License

Licensed under [Apache 2.0](https://github.com/Comcast/MAP/blob/main/LICENSE-Apache-2.0).