The Future of Privacy


Is there a future for privacy?

The target of this session is to illuminate the security of personal data from a strategic point of view: risks, controls & measures, and future trends. At the end of this discussion process there could be a set of expert statements concerning current and future challenges for improving the security of personal data. We can use this set of statements for a public OWASP privacy campaign. During OWASP Summit 2011 there was already a session concerning privacy (see (1)) - the widespread results of this workshop may serve as a basis for this session.

You may say: Privacy is not a principal point in the work of OWASP. But let me counter:

  • Privacy is a very important topic for really everyone, it’s a topic of information security - so it should be for OWASP too.
  • Improving privacy in the future will be primarily a software challenge - especially for web applications and IoT. That is OWASP.
  • OWASP is well known by experts, but not by the public. I think OWASP should have more weight in public discussion. And a privacy campaign might be a tool to raise public attention.

Questions:

  • Personal data risk assessment: Definition and categorization of assets, criticality, vulnerabilities, threat vectors, risks. Which work is already done, what has still to be worked out?
  • Privacy-“triage”: which kinds of data are already “lost”, which can still be saved?
  • Which technical solutions will be needed in the future - not what is technically possible but what is needed from the viewpoint of individuals?
  • Which are the upcoming challenges of web application security for improving privacy / protection of personal data?
  • Who are the stakeholders of these technical developments?
  • Which driving forces can be used to kick off development processes?

Potential outcomes

  • OWASP Privacy statements
  • Concept of a campaign and compliance of OWASP community and foundation, road map

Participants:

  • Everyone who cares about privacy.

References: (1) OWASP Summit 2011 Working Session “Privacy” (https://www.owasp.org/index.php/Talk:Summit_2011_Working_Sessions/Session073)


