The Shifting Privacy Left Podcast cover image

The Shifting Privacy Left Podcast

S2E14: Addressing Privacy with Static Analysis Techniques Like ‘Taint-Tracking’ & ‘Data Flow Analysis’ with Suchakra Sharma (Privado.ai)

Apr 11, 2023
34:42

This week, we welcome Suchakra Sharma, Chief Scientist at Privado.ai, where he builds code analysis tools for data privacy & security. Previously, he earned his PhD in Computer Engineering from Polytechnique Montreal, where he worked on eBPF Technology and hardware-assisted tracing techniques for OS Analysis. In this conversation, we delve into Suchakra’s background in shifting left for security and how he applies traditional, tested static analysis techniques — such as 'taint tracking' and 'data flow analysis' — for use on large code bases at scale to help fix privacy leaks right at the source.

---------
Thank you to our sponsor, Privado, the developer friendly privacy platform.
---------

Suchakra aligns himself with the philosophical aspects of privacy and wishes to work on anything that helps in limiting the erosion of privacy in modern society, since privacy is fundamental to all of us. These kinds of needs have always been here, and as societies have advanced, this is a time when we require more guarantees of privacy. After all, it is humans that are behind systems and it is humans that are going to be affected by the machines that we build. Check out this fascinating discussion on how to shift privacy left in your organization.

Topics Covered:

  • Why Suchakra was interested in privacy after focusing on static code analysis for security
  • What 'shift left' means and lessons learned from the 'shift security left' movement that can be applied to 'shift privacy left' efforts
  • Sociological perspectives on how humans developed a need for keeping things 'private' from others
  • How to provide engineering-focused guarantees around privacy today & what the role should be of engineers within this 'shift privacy left' paradigm
  • Suchakra's USENIX Enigma talk & discussion of 'taint tracking' & 'data flow analysis' techniques
  • Which companies should build in-house tooling for static analysis, and which should be outsourcing to experienced vendors like Privado
  • How to address 'privacy bugs' in code; why it's important to have an 'auditor's mindset;' &, why we'll see 'Privacy Bug Bounty Programs' soon
  • Suchakra's advice to engineering managers to move the needle on privacy in their orgs

Resources Mentioned:

Guest Info:

Send us a text



Privado.ai
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.

Shifting Privacy Left Media
Where privacy engineers gather, share, & learn

Buzzsprout - Launch your podcast


Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

Copyright © 2022 - 2024 Principled LLC. All rights reserved.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.
App store bannerPlay store banner

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode