Integrating security and privacy in software development
Software Quality Journal (IF 1.9), Pub Date: 2020-02-28, DOI: 10.1007/s11219-020-09501-6
Maria Teresa Baldassarre, Vita Santa Barletta, Danilo Caivano, Michele Scalera

As a consequence of factors such as progress made by attackers, the release of new technologies, and the use of increasingly complex systems, threats to application security have been continuously evolving. Security of code and privacy of data must be implemented in both design and programming practice to face such scenarios. In such a context, this paper proposes a software development approach, Privacy Oriented Software Development (POSD), that complements traditional development processes by integrating the activities needed for addressing security and privacy management in software systems. The approach is based on 5 key elements (Privacy by Design, Privacy Design Strategies, Privacy Pattern, Vulnerabilities, Context). The approach can be applied in two directions, forward and backward, for developing new software systems or re-engineering an existing one. This paper presents the POSD approach in the backward mode together with an application in the context of an industrial project. Results show that POSD is able to discover software vulnerabilities, identify the remediation patterns needed for addressing them in the source code, and design the target architecture to be used for guiding privacy-oriented system re-engineering.

Updated: 2020-02-28