At Clever, it’s important we always use a “privacy by design” approach when releasing new features. In other words, we want to design our products with privacy in mind from day one—and on equal footing with core considerations like usability.
Alex Smolen, our lead security engineer, talked about this process at Mozilla’s series of SF Privacy Labs last year and how we used it with Clever Badges. It’s a great example of privacy by design, but we wanted to share how we approached it for something a bit trickier in its own way: our new universal SSO solution.
Read Alex’s post about how the team used threat modeling, along with code reviews and other secure software development practices, to identify threats, reduce risk, and ensure the overall security of the resulting system.