Human Factors in Secure Software Development

While security research has made significant progress in the development of theoretically secure methods, software and algorithms, software still comes with many possible exploits, many of those using the human factor. The human factor is often called ``the weakest link'' in software security. To solve this, human factors research in security and privacy focus on the users of technology and consider their security needs. The research then asks how technology can serve users while minimizing risks and empowering them to retain control over their own data. However, these concepts have to be implemented by developers whose security errors may proliferate to all of their software's users. For example, software that stores data in an insecure way, does not secure network traffic correctly, or otherwise fails to adhere to secure programming best practices puts all of the software's users at risk. It is therefore critical that software developers implement security correctly. However, in addition to security rarely being a primary concern while producing software, developers may also not have extensive awareness, knowledge, training or experience in secure development. A lack of focus on usability in libraries, documentation, and tools that they have to use for security-critical components may exacerbate the problem by blowing up the investment of time and effort needed to "get security right". This dissertation's focus is how to support developers throughout the process of implementing software securely. This research aims to understand developers' use of resources, their mindsets as they develop, and how their background impacts code security outcomes. Qualitative, quantitative and mixed methods were employed online and in the laboratory, and large scale datasets were analyzed to conduct this research. This research found that the information sources developers use can contribute to code (in)security: copying and pasting code from online forums leads to achieving functional code quickly compared to using official documentation resources, but may introduce vulnerable code. We also compared the usability of cryptographic APIs, finding that poor usability, unsafe (possibly obsolete) defaults and unhelpful documentation also lead to insecure code. On the flip side, well-thought out documentation and abstraction levels can help improve an API's usability and may contribute to secure API usage. We found that developer experience can contribute to better security outcomes, and that studying students in lieu of professional developers can produce meaningful insights into developers' experiences with secure programming. We found that there is a multitude of online secure development advice, but that these advice sources are incomplete and may be insufficient for developers to retrieve help, which may cause them to choose un-vetted and potentially insecure resources. This dissertation supports that (a) secure development is subject to human factor challenges and (b) security can be improved by addressing these challenges and supporting developers. The work presented in this dissertation has been seminal in establishing human factors in secure development research within the security and privacy community and has advanced the dialogue about the rigorous use of empirical methods in security and privacy research. In these research projects, we repeatedly found that usability issues of security and privacy mechanisms, development practices, and operation routines are what leads to the majority of security and privacy failures that affect millions of end users

‘We are more than Alliances between Groups’:A Social Psychological Perspective on the Gezi Park Protesters and Negotiating Levels of Identity

In May 2013, a small group of protesters made camp in Istanbul's Taksim Square, protesting the privatisation of what had long been a vibrant public space. When the police responded to the demonstration with brutality, the protests exploded in size and force, quickly becoming a massive statement of opposition to the Turkish regime. This book assembles a collection of field research, data, theoretical analyses, and cross-country comparisons to show the significance of the protests both within Turkey and throughout the world

Multi-level gains of fat activism and their impact on sustained activism for fat justice

Previous research has indicated that outcomes of collective action can occur at the individual, group, and societal levels. Taken together, we argue that multi-level outcomes can influence sustained involvement in social movements. We aimed to examine the multi-level outcomes of fat activism across two studies. In our first study, we conducted semi-structured interviews with fat activists (N = 20) to learn what they believe are the multi-level outcomes of fat activism. At the individual level, activists reported greater health, well-being, and self-esteem; at the group level, they reported a sense of community and increased clothing options; and at the societal level, they reported change in toxic cultures around dieting. By building on the findings of Study 1, Study 2 (N = 464) aimed to understand how fat individuals' past collective action participation may predict their future collective action participation through individual-, group-, and societal-level gains. Results indicate that greater collective action participation in the past predicts greater willingness to engage in collective action through the pathway of higher beliefs in individual and societal gains of fat activism, but not through group-level gains, even after we control for identification with fat and fat activist identities. We discuss these findings in relation to the importance of multi-level outcomes in collective action and sustained involvement in social movements.</p

İstanbul’daki Osmanlı Çinilerinde Ağaç Motifleri

İstanbul’da camilerde 16. 17.yy’a ait servi ağacı ve bahar ağaçlı panoların Rüstem Paşa Camii, Sultan Ahmed Camii ve Valide-i Atik Camii de bulunduğu tespit edilmiştir. Bu panoların, 10 adet bahar ağacı, 4 adet servi ağacıdır, toplamda 14 adet ağaçlı pano incelenmiştir. Bahar ağacı ve servi ağacı panolarında kahverengi, kobalt mavi, yeşil, turkuaz, domates kırmızı tercih edilerek sır altı tekniğinde fırınlanmıştır. Bahar ağacı ve servi ağacı panolarında ağacın başlangıç noktasından dallarının dağılma noktasına kadar olan alanda genellikle natüralist üslup çiçekler lale, karanfil, sümbül, gül çiçekleri kullanılmıştır. Bu dönemim en güzel örnekleri olan ağaçlı panolarda kullanılan renkler, desen ve teknik itibarı ile İznik üretimi olduğu tespit edilmiştir. Bahar ağacı ve servi ağacı pano çalışmaların saraylarda ve türbelerde de yer aldığı görülmüştür. Alana göre farklı kurgularda karşımıza çıkmaktadır, camilerdeki serviler ile bahar ağaçlı panoların aralarındaki fark kaideleri, desen dağılımı ve ağaç formları ile ilgilidir. Çalışma dört bölümden oluşmaktadır. Birinci bölümde Ağacın tanımı, ikinci bölümde, Türk mitolojisinde ve inanışında ağacın yeri, üçüncü bölümde çinide kullanılan ağaç motifleri, dördüncü bölümde ise 16.yy Osmanlı çinilerinde ve İstanbul’daki camilerde ağaçlı panolar incelenmiştir.In the mosques in Istanbul 16th 17th century cypress trees and spring tree panels were found to be Rüstem Pasha mosque, Sultan Ahmed mosque and Valide-i Atik mosque. These panels, 10 spring tree, 4 is a cypress tree, a total of 14 trees were examined. In the spring tree and cypress tree panels, brown, cobalt blue, green, turquoise and tomato red were preferred and they were baked under the glaze technique. In the spring tree and cypress tree panels, from the starting point of the tree to the point of dispersion of the branches, generally naturalist style flowers tulips, carnations, hyacinths and rose flowers were used. The most beautiful examples of this period, the use of wood panels, colors, patterns and technical reputation was determined that the production of Iznik. Spring tree and cypress tree panel work It is seen that it is also located in palaces and shrines. It is seen in different fictions according to the area, it is related to the difference between the services in the mosques and the spring tree panels. The study consists of four parts. In the first chapter, the definition of the tree, the second part, the place of the tree in Turkish mythology and belief, the tree motifs used in the third section, the fourth section, the 16th century Ottoman tiles and the mosques in Istanbul mosques were examined

Does ownership type affect environmental disclosure?

PurposeIn recent years, firms tend to direct their attention in communicating their environmental actions with their stakeholders. However, the level of environmental disclosers varies significantly among firms. This paper aims to explain the variation in environmental disclosure of firms based on their ownership type, namely – state ownership and institutional ownership. The study further aims to understand whether and how the relationship between ownership structure and environmental disclosure changes regarding countries’ development levels.Design/methodology/approachThis paper uses a sample of 27,847 firm-year observations from 72 countries/economic districts between the years 2002 and 2017 and regression analysis to test how the relationship between different ownership structures and environmental disclosure and whether this relation is conditional on countries’ development levels.FindingsThis study finds that firms with higher state ownership have higher environmental disclosures and higher institutional ownership has a negative effect on environmental disclosures. Furthermore, this paper also documents that firms with higher state ownership and operating in developed countries have incrementally higher environmental disclosure, relative to firms operating in developing countries.Research limitations/implicationsThe study has limitations that would provide possible starting points for further research. The first limitation is related to the environmental disclosure measure, which reflects the level of environmental disclosure of firms based on their disclosure information given in the Thomson Reuters, Asset4 database. A more refined measure can be constructed using hand-collected data based on linguistic analysis, which may reflect not only the level of the disclosure but also the quality of the environmental disclosure. The second limitation is the limited focus of the study toward state and institutional shareholding. Therefore, future research may consider examining the different types of ownership such as family ownership.Practical implicationsThe findings of the study may help policymakers and regulators to consider the potential impact of various ownership types on environmental disclosures. Also, given the impact of countries’ development levels, regulators should consider that a one-size-fits-all is not applicable in environmental disclosures. Therefore, each country should consider the institutional dynamics of their operating environment to set appropriate regulations to enhance environmental disclosures.Social implicationsFrom a social perspective, the findings indicate that firms’ stakeholder engagement via environmental disclosures depends on the type of the controlling shareholders.Originality/valueThis study contributes to the literature by developing a new construct for environmental disclosure based on Biodiversity, Climate Change, Environmental Investments and Spill Impact Reduction performance measures. Further, grounding on legitimacy and stakeholder theories, this study shows the influence of ownership type on environmental disclosures and how this effect changes in accordance with the countries’ development

Epileptic encephalopathy with electrical status epilepticus during slow sleep: Evaluation of treatment response from a tertiary center

Background. This study aimed to evaluate the clinical, electrophysiological, etiological features, and treatment response in children with epileptic encephalopathy with electrical status epilepticus during slow sleep (ESES). Methods. Clinical data, records of electroencephalograms (EEG), and brain magnetic resonance imaging (MRI) findings of 33 patients with ESES who were treated, and followed up for at least one year were retrospectively analyzed. Results. Of all patients, 57.6% were male, and 42.4% were female. The mean age was 10.45 +/- 2.88 years. At first admission, 90% of patients had seizures, and 10% had only school failure. Twelve patients had childhood focal epileptic syndrome. In etiology, asphyxia (n=6), hydrocephalus (n=2), polymicrogyria (n=1), and mesial temporal sclerosis (n=1) were determined. Neurological examination was abnormal in 27.2%, and brain MRI findings were pathological in 36.3% of the patients. During the ESES phase, the spike-wave index (SWI) on the non-rapid eye movement (NREM) sleep EEG was >85% in 16 patients and 50-85% in 17 patients. Only one patient received one, and the others had at least two antiseizure medications. Benzodiazepines were found to be the most effective treatment. In the two-year follow-up, 24 patients (72.7%) were seizure-free, and nineteen patients (57.5%) had complete recovery of SWI on their NREM sleep EEG. There was a significant correlation with reduction of the SWI on the EEG and seizure control (p <0.001). In addition, a significant correlation was found between neurocognitive and behavioral scores scored before and after treatment, seizure control, and EEG recovery. Conclusions. ESES is an epileptic encephalopathy that can be treated safely with antiseizure medications. Neurocognitive examinations and follow-up of EEG findings are valuable in terms of the treatment response. Benzodiazepines were found to be very effective in additional treatment

Ownership and Corporate Social Responsibility:"The power of the female touch"

Using a sample of 26,029 firm-year observations over the period 2002–2017 from 4,479 firms and 44 countries, we examine the relationship between ownership concentration and corporate social responsibility by focusing on the mediating role of board gender diversity and the moderating role of family shareholding. We find that ownership concentration negatively affects corporate social responsibility, and the board gender diversity partially mediates this negative effect. Our results indicate that the mediating effect of board gender diversity leads to a 10.65 percent decrease in the impact of ownership concentration on corporate social responsibility. Furthermore, moderated path analysis indicates that family shareholding weakens the direct effect of ownership concentration on board gender diversity and its indirect effect on corporate social responsibility. In post hoc analysis, we also document that the effect of gender diversity on the board is more prevalent in high gender-egalitarian societies where women are more involved in decision-making. Our study addresses the strategic role of female board members in increasing firms' respect for corporate social responsibility, especially in family-controlled firms. Thus, our results may provide insights to regulators and policymakers to enhance firms’ corporate social practices by encouraging women’s participation on corporate boards