Secure Design
How would you design a whistleblower solution, so it is secure?
Context
Whistleblowing can be defined as the activity of an employee revealing information about activity within an organization that is wrongful in some way. It could be illegal, immoral, illicit, unsafe, unethical, or fraudulent.
A whistleblower solution is a software system that assists in the reporting and investigation of wrongful activity within an organization.
The person (employee) reporting wrongful activity could fear harmful repercussions if their identity becomes known.
Exercise
The app should allow employees to anonymously report issues that demand attention. Appointed investigators at the company/organization should be able to investigate the case. The employee that reported the issue should be able to follow the progress of the case. Optionally, the investigator should be able to request more information from the employee.
In small groups, discuss how you can design a better whistleblower solution. Start by defining:
- Requirements
- Security requirements
- Use-cases
- Misuse-cases
Then you can either:
a) Code your design, focusing on backend. I don’t expect you to implement the entire backend. But do implement part of it and try to challenge yourself a little.
b) Document how you would implement such a solution. Include diagrams using known diagramming techniques (UML etc.).
You can draw inspiration (on how not to do it) from the Monotonic Mouth Organ app.
(“Monotonic Mouth Organ” is just a convoluted way to say “whistle”.)
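One possible starting point for option a), added here as an example and not part of the original exercise: the reporter gets a random case key instead of an account, and the backend stores only a hash of it, so the case can be followed and questions answered without any identity being recorded. All names (`CaseStore`, `submit`, `follow`, `reply`, `ask`, `set_status`) are hypothetical, the dictionaries stand in for a database, and network-level anonymity is assumed to be handled elsewhere.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


def _digest(case_key: str) -> str:
    # The key is 256 random bits, so plain SHA-256 is enough (assumption of this sketch).
    return hashlib.sha256(case_key.encode()).hexdigest()


@dataclass
class Case:
    case_id: int                                  # the only handle investigators see
    report: str
    status: str = "received"
    thread: list = field(default_factory=list)    # (sender, text) tuples


class CaseStore:
    """In-memory stand-in for the backend's storage; holds no reporter identity."""

    def __init__(self):
        self._by_key_hash = {}   # sha256(case key) -> Case; the key itself is never stored
        self._by_id = {}         # case_id -> Case, used by investigators

    def submit(self, report: str) -> str:
        case_key = secrets.token_urlsafe(32)      # shown to the reporter exactly once
        case = Case(case_id=len(self._by_id) + 1, report=report)
        self._by_key_hash[_digest(case_key)] = self._by_id[case.case_id] = case
        return case_key

    def _find(self, case_key: str):
        return self._by_key_hash.get(_digest(case_key))

    def follow(self, case_key: str):
        case = self._find(case_key)               # unknown key: reveal nothing
        return None if case is None else (case.status, list(case.thread))

    def reply(self, case_key: str, text: str) -> bool:
        case = self._find(case_key)
        if case is not None:
            case.thread.append(("reporter", text))
        return case is not None

    def set_status(self, case_id: int, status: str):   # investigator side
        self._by_id[case_id].status = status

    def ask(self, case_id: int, question: str):        # investigator requests more info
        self._by_id[case_id].thread.append(("investigator", question))
```

A leaked copy of the store does not let anyone impersonate a reporter, because only key hashes are kept; misuse-cases such as key guessing or investigator access control still need their own treatment in your design.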
Feedback
If you want feedback on your solution, then send the produced artifacts to me via email. By artifacts, I mean:
- a) link to public Git repository
- b) diagrams (svg, png or pdf)
Enough context must be provided such that someone who did not participate in any of the group discussions can understand the reasoning behind it.