The Shifting Privacy Left Podcast S2E14: Addressing Privacy with Static Analysis Techniques Like ‘Taint-Tracking’ & ‘Data Flow Analysis’ with Suchakra Sharma (Privado.ai)
This week, we welcome Suchakra Sharma, Chief Scientist at Privado.ai, where he builds code analysis tools for data privacy & security. Previously, he earned his PhD in Computer Engineering from Polytechnique Montreal, where he worked on eBPF Technology and hardware-assisted tracing techniques for OS Analysis. In this conversation, we delve into Suchakra’s background in shifting left for security and how he applies traditional, tested static analysis techniques — such as 'taint tracking' and 'data flow analysis' — for use on large code bases at scale to help fix privacy leaks right at the source.
---------
Thank you to our sponsor, Privado, the developer friendly privacy platform.
---------
Suchakra aligns himself with the philosophical aspects of privacy and wishes to work on anything that helps in limiting the erosion of privacy in modern society, since privacy is fundamental to all of us. These kinds of needs have always been here, and as societies have advanced, this is a time when we require more guarantees of privacy. After all, it is humans that are behind systems and it is humans that are going to be affected by the machines that we build. Check out this fascinating discussion on how to shift privacy left in your organization.
Topics Covered:
- Why Suchakra was interested in privacy after focusing on static code analysis for security
- What 'shift left' means and lessons learned from the 'shift security left' movement that can be applied to 'shift privacy left' efforts
- Sociological perspectives on how humans developed a need for keeping things 'private' from others
- How to provide engineering-focused guarantees around privacy today & what the role should be of engineers within this 'shift privacy left' paradigm
- Suchakra's USENIX Enigma talk & discussion of 'taint tracking' & 'data flow analysis' techniques
- Which companies should build in-house tooling for static analysis, and which should be outsourcing to experienced vendors like Privado
- How to address 'privacy bugs' in code; why it's important to have an 'auditor's mindset;' &, why we'll see 'Privacy Bug Bounty Programs' soon
- Suchakra's advice to engineering managers to move the needle on privacy in their orgs
Resources Mentioned:
- Join Privado's Slack Community
- Review Privado's Open Source Code Scanning Tools
Guest Info:
- Connect with Suchakra on LinkedIn
Privacy assurance at the speed of product development. Get instant visibility w/ privacy code scans.
Shifting Privacy Left Media
Where privacy engineers gather, share, & learn
Buzzsprout - Launch your podcast
Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.
Copyright © 2022 - 2024 Principled LLC. All rights reserved.