-
Notifications
You must be signed in to change notification settings - Fork 3
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #29 from Comcast/rtrimana-patch-22
Update README.md
- Loading branch information
Showing
1 changed file
with
13 additions
and
19 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,53 +1,47 @@ | ||
[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/Comcast/xCompass/badge)](https://securityscorecards.dev/viewer/?uri=github.com/Comcast/xCompass) | ||
|
||
<h1> xCOMPASS (COMcast Privacy ASSistant) </h1> | ||
# xCOMPASS (COMcast Privacy ASSistant) | ||
|
||
<img align="right" src="https://github.com/Comcast/xCOMPASS/blob/main/personas/figures/compass-logo-png.png"> | ||
<div align="justify">xCOMPASS is a questionnaire developed from <a href='https://github.com/Comcast/xCOMPASS/tree/main/personas'>Models of Applied Privacy (MAP)</a> personas. Privacy Threat Modeling (PTM) is part of software development lifecycle (SDL) along with the increasing awareness of data privacy. Unfortunately, PTM comes with the following limitations. First, it mostly involves human experts (i.e., threat modelers) with much manual effort. Second, it is usually performed later in the SDL pipeline, during which much development work has been finished. Third, the app developer is usually not familiar with privacy principles (e.g., privacy laws) that can guide the development process. To address these problems, xCOMPASS presents a lightweight questionnaire (i.e., yes-no questions), identifies privacy requirements based on the answers, and maps the requirements to privacy principles (e.g., privacy laws) and mitigation strategies (e.g., de-identification).</div> | ||
|
||
<h1> Learn More </h1> | ||
# Learn More | ||
|
||
Please feel free to learn more about the questionnaire questions, as well as MAP framework by following these links: | ||
|
||
- [xCOMPASS Questionnaire](https://github.com/Comcast/xCOMPASS/tree/main/questionnaire) | ||
- [Models of Applied Privacy (MAP) personas](https://github.com/Comcast/xCOMPASS/tree/main/personas) | ||
|
||
<h1> How to Contribute? </h1> | ||
We welcome all kinds of contributions to this framework, especially: | ||
|
||
- Changes to xCOMPASS questions, language, typos, fixes, etc. | ||
- Deeper dive into privacy design strategies. | ||
- Linking to other principles beyond FIPPS. | ||
- Additional personas beyond those already in [xCOMPASS.md](/xCOMPASS/personas.md), using the different combinations from the framework above. | ||
- Specific use cases of MAP (please create a new folder for each use case) in your industry, even if hypothetical. | ||
- Changes to language, typos, fixes, etc. | ||
# Contribution | ||
|
||
However, if you have other ideas, albeit simple, please do not hesitate to connect with us. For contribution to xCOMPASS questionnaire, please find more information [here](https://github.com/Comcast/xCompass/edit/main/xCOMPASS/README.md#-how-to-contribute-). Please also have a look at more instructions to commit your contribution in [CONTRIBUTING.md](https://github.com/Comcast/xCompass/blob/main/CONTRIBUTING.md). | ||
We welcome all kinds of contributions to this repository! Please have a look at [CONTRIBUTING.md](https://github.com/Comcast/xCompass/blob/main/CONTRIBUTING.md) for further information and guidelines. | ||
|
||
<h1> Maintainers </h1> | ||
# Maintainers | ||
|
||
The list of maintainers of this GitHub repository is available in [MAINTAINERS.md](https://github.com/Comcast/xCOMPASS/blob/main/MAINTAINERS.md). | ||
The list of maintainers of this GitHub repository is available in [MAINTAINERS.md](https://github.com/Comcast/xCOMPASS/blob/main/MAINTAINERS.md). Please consider becoming a maintainer! :smiley: | ||
|
||
<h1> Roadmap </h1> | ||
# Roadmap | ||
|
||
Roadmap information is available in [ROADMAP.md](https://github.com/Comcast/xCOMPASS/blob/main/ROADMAP.md). | ||
|
||
<h1> List of Publications </h1> | ||
# List of Publications | ||
|
||
Jayati Dev, Bahman Rashidi, Vaibhav Garg. [Models of Applied Privacy (MAP): A Persona Based Approach to Threat Modeling.](https://dl.acm.org/doi/fullHtml/10.1145/3544548.3581484) In Proceedings of the 2023 CHI Conference on Human Factors in Computing Systems (CHI '23). | ||
|
||
<h1> List of Talks </h1> | ||
# List of Talks | ||
|
||
- Rahmadi Trimananda. [The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe!](https://www.usenix.org/conference/soups2024/technical-sessions) USENIX SOUPS 2024 Lightning Talks. | ||
- Rahmadi Trimananda. [The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe!](https://digitalprivacy.ieee.org/events/digital-privacy-workshop) IEEE Digital Privacy Workshop 2024. | ||
- Rahmadi Trimananda. [The Golden xCOMPASS: The Compass You Need to Navigate through the App-Privacy Universe!](https://lascon.org/speakers/) OWASP LASCON 2024. | ||
|
||
<h1> Visibility on Other Websites </h1> | ||
# Visibility on Other Websites | ||
|
||
xCOMPASS has been proudly listed as an open-sourced privacy engineering requirements identification tool on various websites including: | ||
|
||
- [NIST Privacy Risk Assessment Tools](https://www.nist.gov/itl/applied-cybersecurity/privacy-engineering/collaboration-space/privacy-risk-assessment/tools) | ||
- [CISA Free Cybersecurity Services and Tools](https://www.cisa.gov/resources-tools/services/xcompass) | ||
- [OWASP Free for Open Source Application Security Tools](https://owasp.org/www-community/Free_for_Open_Source_Application_Security_Tools) | ||
|
||
<h1> License </h1> | ||
# License | ||
|
||
Licensed under [Apache 2.0](https://github.com/Comcast/MAP/blob/main/LICENSE-Apache-2.0). |