add content for LINDDUN GO

Author: jgadsden

.github/workflows/release.yaml

@@ -20,7 +20,7 @@ jobs:
         run: |
           cd draft
           pwd
-          find . -name "*.md" ! -name "info.md" ! -name "01-front.md" -exec cp '{}' '../release/{}' \;
+          find . -name "*.md" ! -name "info.md" -exec cp '{}' '../release/{}' \;
 
       - name: Fix up markdown
         run: |
@@ -83,7 +83,7 @@ jobs:
       - name: Create pull request
         uses: peter-evans/[email protected]
         with:
-          title: "Release for version $GITHUB_REF_NAME"
+          title: "Release for version ${{ GITHUB_REF_NAME }}"
           body: |
             **Summary** :  
             Pull request automatically generated for the latest release version  

.wordlist.txt

@@ -469,4 +469,8 @@ testssl
 DrHEADer
 csp
 DocX
-MOBI
+MOBI
+linddun
+LINNDUN
+DPO
+CISO

_data/draft.yaml

@@ -61,10 +61,13 @@ docs:
 - title: '4.1.3 Threat Dragon'
   url: design/threat_modeling/threat_dragon
 
-- title: '4.1.4 Threat Modeling and Cornucopia'
+- title: '4.1.4 Cornucopia'
   url: design/threat_modeling/cornucopia
 
-- title: '4.1.5 Threat Modeling toolkit'
+- title: '4.1.5 LINDDUN GO'
+  url: design/threat_modeling/linddun-go
+
+- title: '4.1.6 Threat Modeling toolkit'
   url: design/threat_modeling/toolkit
 
 - title: '4.2 Web application checklist'

_data/release.yaml

@@ -61,10 +61,13 @@ docs:
 - title: '4.1.3 Threat Dragon'
   url: design/threat_modeling/threat_dragon
 
-- title: '4.1.4 Threat Modeling and Cornucopia'
+- title: '4.1.4 Cornucopia'
   url: design/threat_modeling/cornucopia
 
-- title: '4.1.5 Threat Modeling toolkit'
+- title: '4.1.5 LINDDUN GO'
+  url: design/threat_modeling/linddun-go
+
+- title: '4.1.6 Threat Modeling toolkit'
   url: design/threat_modeling/toolkit
 
 - title: '4.2 Web application checklist'

draft/02-toc.md

@@ -37,8 +37,9 @@ permalink:
 4.1.1 [Threat modeling in practice](#threat-modeling-in-practice)  
 4.1.2 [Pythonic Threat Modeling](#pythonic-threat-modeling)  
 4.1.3 [Threat Dragon](#threat-dragon)  
-4.1.4 [Threat Modeling and Cornucopia](#cornucopia)  
-4.1.5 [Threat Modeling toolkit](#threat-modeling-toolkit)  
+4.1.4 [Cornucopia](#cornucopia)  
+4.1.5 [LINDDUN GO](#linddun-go)  
+4.1.6 [Threat Modeling toolkit](#threat-modeling-toolkit)  
 4.2 [Web application checklist](#web-application-checklist)  
 4.2.1 [Checklist: Define Security Requirements](#checklist-define-security-requirements)  
 4.2.2 [Checklist: Leverage Security Frameworks and Libraries](#checklist-leverage-security-frameworks-and-libraries)  

draft/06-design/00-toc.md

@@ -50,8 +50,9 @@ Sections:
 4.1.1 [Threat modeling in practice](#threat-modeling-in-practice)  
 4.1.2 [Pythonic Threat Modeling](#pythonic-threat-modeling)  
 4.1.3 [Threat Dragon](#threat-dragon)  
-4.1.4 [Threat Modeling and Cornucopia](#cornucopia)  
-4.1.5 [Threat Modeling toolkit](#threat-modeling-toolkit)  
+4.1.4 [Cornucopia](#cornucopia)  
+4.1.5 [LINDDUN GO](#linddun-go)  
+4.1.6 [Threat Modeling toolkit](#threat-modeling-toolkit)  
 4.2 [Web application checklist](#web-application-checklist)  
 4.2.1 [Checklist: Define Security Requirements](#checklist-define-security-requirements)  
 4.2.2 [Checklist: Leverage Security Frameworks and Libraries](#checklist-leverage-security-frameworks-and-libraries)  

draft/06-design/01-threat-modeling/00-toc.md

@@ -31,8 +31,9 @@ Sections:
 4.1.1 [Threat modeling in practice](#threat-modeling-in-practice)  
 4.1.2 [Pythonic Threat Modeling](#pythonic-threat-modeling)  
 4.1.3 [Threat Dragon](#threat-dragon)  
-4.1.4 [Threat Modeling and Cornucopia](#cornucopia)  
-4.1.5 [Threat Modeling toolkit](#threat-modeling-toolkit)  
+4.1.4 [Cornucopia](#cornucopia)  
+4.1.5 [LINDDUN GO](#linddun-go)  
+4.1.6 [Threat Modeling toolkit](#threat-modeling-toolkit)  
 
 ----
 

draft/06-design/01-threat-modeling/04-cornucopia.md

@@ -12,7 +12,7 @@ permalink: /draft/design/threat_modeling/cornucopia/
 
 {% include breadcrumb.html %}
 
-### 4.1.4 Threat Modeling and Cornucopia
+### 4.1.4 Cornucopia
 
 OWASP Cornucopia is a card game used to help derive application security requirements
 during the software development life cycle.

draft/06-design/01-threat-modeling/05-linddun-go.md

@@ -0,0 +1,82 @@
+---
+
+title: Threat Modeling and LINDDUN GO
+layout: col-document
+tags: OWASP Developer Guide
+contributors: Jon Gadsden
+document: OWASP Developer Guide
+order: 615
+permalink: /draft/design/threat_modeling/linddun-go/
+
+---
+
+{% include breadcrumb.html %}
+
+### 4.1.5 LINDDUN GO
+
+LINNDUN GO is a card game used to help derive privacy requirements during the software development life cycle.
+The LINNDUN GO card set can be [downloaded][linddun-go-cards] as a PDF and then printed out.
+
+#### What is LINDDUN GO?
+
+[LINDDUN GO][linddun-go] helps identify potential privacy threats based on the key LINDDUN threats to privacy:
+
+* Linking
+* Identifying
+* Non-repudiation
+* Detecting
+* Data Disclosure
+* Unawareness
+* Non-compliance
+
+LINNDUN GO is similar to OWASP [Cornucopia][cornucopia] in that it takes the form of a set of cards that
+can be used to gamify the process of identifying application privacy / security requirements.
+The deck of 33 cards are arranged in suits that match each category of threats to privacy,
+and there is a [set of rules][linddun-go-rules] to structure the game sessions.
+Each LINDDUN GO card illustrates a single common privacy threat and suggested remediations.
+
+#### Why use it?
+
+[LINDDUN][linddun] is an approach to threat modeling from a privacy perspective.
+It is a methodology that is useful to structure and guide the identification of threats to privacy,
+and also helps with suggestions for the mitigation of any threats.
+
+[LINDDUN GO][linddun-go] gamifies this approach to privacy with a set of cards and rules
+to guide the identification process for threats to the privacy provided by the application.
+This is a change to other established processes and provides a different and useful perspective to the system.
+
+#### How to use LINDDUN GO
+
+The idea for a LINDDUN GO is that it is played in person by a diverse team with as varied a set of viewpoints as possible.
+The advice from the LINDDUN GO 'getting started' instructions is that this team contains some or all of:
+
+* domain experts
+* system architects
+* developers
+* the Data Protection Officer (DPO)
+* legal experts
+* the Chief Information Security Officer (CISO)
+* privacy champions
+
+The application should have already been described by an architecture diagram or data flow diagram
+so that the players have something to refer to during the game.
+[Download][linddun-go-cards] and printout the deck of cards.
+
+Follow the [set of rules][linddun-go-rules] to structure the game session, record the outcome and act on it.
+The outcome of the game is to identify possible privacy threats and propose remediations;
+as well as having a good time of course.
+
+----
+
+The OWASP Developer Guide is a community effort; if there is something that needs changing
+then [submit an issue][issue060105] or [edit on GitHub][edit060105].
+
+[cornucopia]: https://owasp.org/www-project-cornucopia/
+[edit060105]: https://github.com/OWASP/www-project-developer-guide/blob/main/draft/06-design/01-threat-modeling/05-linddun-go.md
+[issue060105]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=content&template=request.md&title=Update:%2006-design/01-threat-modeling/05-linddun-go
+[linddun]: https://linddun.org/
+[linddun-go]: https://linddun.org/go/
+[linddun-go-cards]: https://downloads.linddun.org/linddun-go/default/latest/go.pdf
+[linddun-go-rules]: https://linddun.org/go-getting-started/
+
+\newpage

…-design/01-threat-modeling/05-toolkit.md …-design/01-threat-modeling/06-toolkit.mddraft/06-design/01-threat-modeling/05-toolkit.md renamed to draft/06-design/01-threat-modeling/06-toolkit.md draft/06-design/01-threat-modeling/05-toolkit.md renamed to draft/06-design/01-threat-modeling/06-toolkit.md

@@ -5,14 +5,14 @@ layout: col-document
 tags: OWASP Developer Guide
 contributors: Jon Gadsden
 document: OWASP Developer Guide
-order: 615
+order: 616
 permalink: /draft/design/threat_modeling/toolkit/
 
 ---
 
 {% include breadcrumb.html %}
 
-### 4.1.5 Threat Modeling toolkit
+### 4.1.6 Threat Modeling toolkit
 
 There is no one technique or tool that fits every threat modeling process.
 The process can be tactical or architectural, subjective or automated, attack tree or data flow diagram,
@@ -59,12 +59,12 @@ providing practical suggestions along with explanations of both the terminology
 ----
 
 The OWASP Developer Guide is a community effort; if there is something that needs changing
-then [submit an issue][issue060105] or [edit on GitHub][edit060105].
+then [submit an issue][issue060106] or [edit on GitHub][edit060106].
 
 [4QFW]: https://github.com/adamshostack/4QuestionFrame
 [asacs]: https://cheatsheetseries.owasp.org/cheatsheets/Attack_Surface_Analysis_Cheat_Sheet.html
-[issue060105]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=content&template=request.md&title=Update:%2006-design/01-threat-modeling/05-toolkit
-[edit060105]: https://github.com/OWASP/www-project-developer-guide/blob/main/draft/06-design/01-threat-modeling/05-toolkit.md
+[issue060106]: https://github.com/OWASP/www-project-developer-guide/issues/new?labels=content&template=request.md&title=Update:%2006-design/01-threat-modeling/06-toolkit
+[edit060106]: https://github.com/OWASP/www-project-developer-guide/blob/main/draft/06-design/01-threat-modeling/06-toolkit.md
 [toolkit]: https://www.youtube.com/watch?v=KGy_KCRUGd4
 [tmcs]: https://cheatsheetseries.owasp.org/cheatsheets/Threat_Modeling_Cheat_Sheet.html
 [tmpb]: https://owasp.org/www-project-threat-modeling-playbook/