“We are a startup to the core”: A qualitative interview study on the security and privacy development practices in Turkish software startups

Dilara Kekulluoglu, Yasemin Acar

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract / Description of output

Security and privacy are often neglected in software development, and rarely a priority for developers. This insight is commonly based on research conducted by researchers and on developer populations living and working in the United States, Europe, and the United Kingdom. However, the production of software is global, and crucial populations in important technology hubs are not adequately studied. The software startup scene in Turkey is impactful, and comprehension, knowledge, and mitigations related to software security and privacy remain understudied. To close this research gap, we conducted a semi-structured interview study with 16 developers working in Turkish software startups. The goal of the interview study was to analyze if and how developers ensure that their software is secure and preserves user privacy. Our main finding is that developers rarely prioritize security and privacy, due to a lack of awareness, skills, and resources. We find that regulations can make a positive impact on security and privacy. Based on the study, we issue recommendations for industry, individual developers, research, educators, and regulators. Our recommendations can inform a more globalized approach to security and privacy in software development.
Original languageEnglish
Title of host publicationProceedings of the IEEE Symposium on Security and Privacy 2023
PublisherIEEE Computer Society Press
Pages2015-2031
Number of pages17
ISBN (Electronic)9781665493369
DOIs
Publication statusPublished - 31 May 2023
Event44th IEEE Symposium on Security and Privacy, 2023 - San Francisco, United States
Duration: 22 May 202325 May 2023
Conference number: 44
https://www.ieee-security.org/TC/SP2023/

Symposium

Symposium44th IEEE Symposium on Security and Privacy, 2023
Abbreviated titleIEEE S&P 2023
Country/TerritoryUnited States
CitySan Francisco
Period22/05/2325/05/23
Internet address

Keywords / Materials (for Non-textual outputs)

  • usable security
  • usable privacy
  • human factors
  • interview
  • developers
  • startups
  • Turkey

Fingerprint

Dive into the research topics of '“We are a startup to the core”: A qualitative interview study on the security and privacy development practices in Turkish software startups'. Together they form a unique fingerprint.

Cite this