top of page

What is LINDDUN?

LINDDUN is a privacy threat modeling methodology that supports analysts in systematically eliciting and mitigating privacy threats in software architectures.

LINDDUN provides support to guide you through the threat modeling process in a structured way.

In addition, LINDDUN provides privacy knowledge support to enable also non-privacy experts to reason about privacy threats. LINDDUN is a mnemonic for the privacy threat categories it supports:

LINDDUN privacy engineering

Systematic elicitation and mitigation of privacy threats in software systems

Privacy is becoming a key issue in today's s digital world. Not only is awareness growing among consumers, GDPR enforces the implementation of Privacy-by-Design and Privacy-by-Default paradigms to be embedded within the software development lifecycle. But how should you execute a thorough privacy assessment of your software system?

What is LINDDUN?


LINDDUN was created to provide support for a thorough, systematic privacy threat assessment. It will guide you through each step and ensures exhaustive coverage and documentation of the privacy threat modeling process, and includes an extensive knowledge base of potential privacy threats.


Recently, LINDDUN GO has been added. As it gives you a quick start to privacy threat modeling, it is perfect for those who are getting started with threat modeling or for those who are looking for a more light-weight approach.


Why use LINDDUN?


You need to know what can go wrong in order to assess its risk and fix it.

Systematic methodology

A thorough privacy assessment can only be guaranteed by a systematic execution of a step-by-step method that guides you through the analysis.

Knowledge support

Privacy is a complex matter. A repository documenting expert privacy knowledge on common threats and suggested solutions is indispensible.

Why use LINDUN?

What's new?

I’m a paragraph. Double click here or click Edit Text to add some text of your own or to change the font. This is the place for you to tell your site visitors a little bit about you and your services.



What experts are saying

 "The LINDDUN methodology broadly shares the principles of the CNIL method but it puts forward a more systematic approach based on data flow diagrams and privacy threat tree patterns." 

"LINDDUN is, in many ways, one of the most serious and thought-provoking approaches to privacy threat modeling, and those seriously interested in privacy should take a look at it."

"A privacy threat framework was defined by KU Leuven that led to the LINDDUN methodology."

on privacy engineering, 2019

Annex C also summarize LINDDUN's threats elicitation process and mitigation strategies

 "Another example of a privacy engineering methodology, in this particular case stressing the risk analysis dimension, is the LINDDUN approach developed at Leuven University" 

bottom of page