What is LINDDUN?
LINDDUN is a privacy threat modeling methodology that supports analysts in systematically eliciting and mitigating privacy threats in software architectures.
LINDDUN provides support to guide you through the threat modeling process in a structured way.
In addition, LINDDUN provides privacy knowledge support to enable also non-privacy experts to reason about privacy threats. LINDDUN is a mnemonic for the privacy threat categories it supports:
LINDDUN privacy engineering
Systematic elicitation and mitigation of privacy threats in software systems
Privacy is becoming a key issue in today's s digital world. Not only is awareness growing among consumers, GDPR enforces the implementation of Privacy-by-Design and Privacy-by-Default paradigms to be embedded within the software development lifecycle. But how should you execute a thorough privacy assessment of your software system?
Why use LINDDUN?
You need to know what can go wrong in order to assess its risk and fix it.
A thorough privacy assessment can only be guaranteed by a systematic execution of a step-by-step method that guides you through the analysis.
Privacy is a complex matter. A repository documenting expert privacy knowledge on common threats and suggested solutions is indispensible.
What experts are saying
"The LINDDUN methodology broadly shares the principles of the CNIL method but it puts forward a more systematic approach based on data flow diagrams and privacy threat tree patterns."
"LINDDUN is, in many ways, one of the most serious and thought-provoking approaches to privacy threat modeling, and those seriously interested in privacy should take a look at it."
"A privacy threat framework was defined by KU Leuven that led to the LINDDUN methodology."
on privacy engineering, 2019
Annex C also summarize LINDDUN's threats elicitation process and mitigation strategies
"Another example of a privacy engineering methodology, in this particular case stressing the risk analysis dimension, is the LINDDUN approach developed at Leuven University"