Friday June 26, 2026 10:30am - 11:15am CEST
Privacy is increasingly expected to be “built in by design”, yet most privacy guidance remains legal, abstract, or disconnected from how systems are actually designed and reviewed. As a result, privacy is still treated as a compliance exercise rather than an engineering discipline.

In this talk, we share early lessons from the OWASP Privacy Project and our work on the Application Privacy Verification Standard (APVS). Drawing on familiar AppSec concepts such as ASVS, threat modeling, and weakness classification, we explore what changes when privacy is treated as a system property rather than a checkbox.

We discuss where traditional security controls fall short, how privacy risks can exist without attackers or breaches, and how we are translating high-level privacy principles into actionable guidance for architects and developers. This is not a finished standard, but a candid look at what works, what doesn’t, and where practitioner feedback is essential as the project evolves.
Speakers
Matthew Coles

Product Security Architect/Technologist

Matthew Coles is a Product Security Architect and Technologist with 20+ years experience working with business leaders and developers to secure hardware and software systems and processes. He is a technical contributor to community standard initiatives such as OpenSSF and OWASP, a...

Kim Wuyts

Manager Cyber & Privacy, PwC Belgium

Dr. Kim Wuyts is a leading privacy engineer with over 15 years of experience in security and privacy. Before joining PwC Belgium as Manager Cyber & Privacy, Kim was a senior researcher at KU Leuven where she led the development and extension of LINDDUN, a popular privacy threat modeling...

Avi Douglen

Software Security Consultant, Bounce Security
Avi Douglen is the founder and CEO at Bounce Security, a boutique consultancy specializing in software security, where he spends a lot of time with development teams of all sizes. He helps them integrate security methodologies and products into their development processes, and often...
Hall D (Level -2)
