Abstract / Description of output
Security and privacy are often neglected in software development, and rarely a priority for developers. This insight is commonly based on research conducted by researchers and on developer populations living and working in the United States, Europe, and the United Kingdom. However, the production of software is global, and crucial populations in important technology hubs are not adequately studied. The software startup scene in Turkey is impactful, and comprehension, knowledge, and mitigations related to software security and privacy remain understudied. To close this research gap, we conducted a semi-structured interview study with 16 developers working in Turkish software startups. The goal of the interview study was to analyze if and how developers ensure that their software is secure and preserves user privacy. Our main finding is that developers rarely prioritize security and privacy, due to a lack of awareness, skills, and resources. We find that regulations can make a positive impact on security and privacy. Based on the study, we issue recommendations for industry, individual developers, research, educators, and regulators. Our recommendations can inform a more globalized approach to security and privacy in software development.
Original language | English |
---|---|
Title of host publication | Proceedings of the IEEE Symposium on Security and Privacy 2023 |
Publisher | IEEE Computer Society Press |
Pages | 2015-2031 |
Number of pages | 17 |
ISBN (Electronic) | 9781665493369 |
DOIs | |
Publication status | Published - 31 May 2023 |
Event | 44th IEEE Symposium on Security and Privacy, 2023 - San Francisco, United States Duration: 22 May 2023 → 25 May 2023 Conference number: 44 https://www.ieee-security.org/TC/SP2023/ |
Symposium
Symposium | 44th IEEE Symposium on Security and Privacy, 2023 |
---|---|
Abbreviated title | IEEE S&P 2023 |
Country/Territory | United States |
City | San Francisco |
Period | 22/05/23 → 25/05/23 |
Internet address |
Keywords / Materials (for Non-textual outputs)
- usable security
- usable privacy
- human factors
- interview
- developers
- startups
- Turkey