"We are a startup to the core": A qualitative interview study on the
security and privacy development practices in Turkish software startups
- URL: http://arxiv.org/abs/2212.08396v1
- Date: Fri, 16 Dec 2022 10:40:43 GMT
- Title: "We are a startup to the core": A qualitative interview study on the
security and privacy development practices in Turkish software startups
- Authors: Dilara Keküllüoğlu and Yasemin Acar
- Abstract summary: Security and privacy are neglected in software development, and rarely a priority for developers.
To close this research gap, we conducted a semi-structured interview study with 16 developers working in Turkish software startups.
Our main finding is that developers rarely prioritize security and privacy, due to a lack of awareness, skills, and resources.
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Security and privacy are often neglected in software development, and rarely
a priority for developers. This insight is commonly based on research conducted
by researchers and on developer populations living and working in the United
States, Europe, and the United Kingdom. However, the production of software is
global, and crucial populations in important technology hubs are not adequately
studied. The software startup scene in Turkey is impactful, and comprehension,
knowledge, and mitigations related to software security and privacy remain
understudied. To close this research gap, we conducted a semi-structured
interview study with 16 developers working in Turkish software startups. The
goal of the interview study was to analyze if and how developers ensure that
their software is secure and preserves user privacy. Our main finding is that
developers rarely prioritize security and privacy, due to a lack of awareness,
skills, and resources. We find that regulations can make a positive impact on
security and privacy. Based on the study, we issue recommendations for
industry, individual developers, research, educators, and regulators. Our
recommendations can inform a more globalized approach to security and privacy
in software development.
Related papers
- Ethical software requirements from user reviews: A systematic literature review [0.0]
This SLR aims to identify and analyze existing ethical requirements identification and elicitation techniques.
Ethical requirements gathering has recently driven drastic interest in the research community due to the rise of ML and AI-based approaches in decision-making within software applications.
(2024-09-18T19:56:19Z)
- A Developer-Centric Study Exploring Mobile Application Security Practices and Challenges [10.342268145364242]
This study explores the common practices and challenges that developers face in securing their apps.
Our findings show that developers place high importance on security, frequently implementing features such as authentication and secure storage.
We envision our findings leading to improved security practices, better-designed tools and resources, and more effective training programs.
(2024-08-16T22:03:06Z)
- Privacy Risks of General-Purpose AI Systems: A Foundation for Investigating Practitioner Perspectives [47.17703009473386]
Powerful AI models have led to impressive leaps in performance across a wide range of tasks.
Privacy concerns have led to a wealth of literature covering various privacy risks and vulnerabilities of AI models.
We conduct a systematic review of these survey papers to provide a concise and usable overview of privacy risks in GPAIS.
(2024-07-02T07:49:48Z)
- Using AI Assistants in Software Development: A Qualitative Study on Security Practices and Concerns [23.867795468379743]
Recent research has demonstrated that AI-generated code can contain security issues.
How software professionals balance AI assistant usage and security remains unclear.
This paper investigates how software professionals use AI assistants in secure software development.
(2024-05-10T10:13:19Z)
- (In)Security of Mobile Apps in Developing Countries: A Systematic Literature Review [4.906685634163683]
In developing countries, several key sectors, including education, finance, agriculture, and healthcare, mainly deliver their services via mobile app technology on handheld devices.
Mobile app security has emerged as a paramount issue in developing countries.
(2024-05-07T15:26:53Z)
- Bridging Gaps, Building Futures: Advancing Software Developer Diversity and Inclusion Through Future-Oriented Research [50.545824691484796]
We present insights from SE researchers and practitioners on challenges and solutions regarding diversity and inclusion in SE.
We share potential utopian and dystopian visions of the future and provide future research directions and implications for academia and industry.
(2024-04-10T16:18:11Z)
- The current state of security -- Insights from the German software industry [0.0]
This paper outlines the main ideas of secure software development that have been discussed in the literature.
A dataset on implementation in practice is gathered through a qualitative interview research involving 20 companies.
(2024-02-13T13:05:10Z)
- Advancing Differential Privacy: Where We Are Now and Future Directions for Real-World Deployment [100.1798289103163]
We present a detailed review of current practices and state-of-the-art methodologies in the field of differential privacy (DP).
Key points and high-level contents of the article were originated from the discussions from "Differential Privacy (DP): Challenges Towards the Next Frontier".
This article aims to provide a reference point for the algorithmic and design decisions within the realm of privacy, highlighting important challenges and potential research directions.
(2023-04-14T05:29:18Z)
- A Survey of Trustworthy Federated Learning with Perspectives on Security, Robustness, and Privacy [47.89042524852868]
Federated Learning (FL) stands out as a promising solution for diverse real-world scenarios.
However, challenges around data isolation and privacy threaten the trustworthiness of FL systems.
(2023-02-21T12:52:12Z)
- Dos and Don'ts of Machine Learning in Computer Security [74.1816306998445]
Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance.
We identify common pitfalls in the design, implementation, and evaluation of learning-based security systems.
We propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible.
(2020-10-19T13:09:31Z)
- Is 40 the new 60? How popular media portrays the employability of older software developers [78.42660996736939]
We analyzed popular online articles and related discussions on Hacker News through the lens of employability issues and potential mitigation strategies.
We highlight the importance of keeping up-to-date, specializing in certain tasks or technologies, and present role transitions as a way forward for veteran developers.
(2020-04-13T10:00:03Z)