The Impact of Developer Experience in Using Java Cryptography

Hazhirpasand, Mohammadreza; Ghafari, Mohammad; Krüger, Stefan; Bodden, Eric; Nierstrasz, Oscar (19 September 2019). The Impact of Developer Experience in Using Java Cryptography. In: 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM). Porto de Galinhas, Brazil. September 19th-20th, 2019. 10.1109/ESEM.2019.8870184

[img] Text
Hazh19aJCA-Impact.pdf - Accepted Version
Restricted to registered users only
Available under License Publisher holds Copyright.

Download (335kB) | Request a copy
[img] Text
08870184.pdf - Published Version
Restricted to registered users only
Available under License Publisher holds Copyright.

Download (292kB) | Request a copy

Background: Previous research has shown that crypto APIs are hard for developers to understand and difficult for them to use. They consequently rely on unvalidated boilerplate code from online resources where security vulnerabilities are common.Aims and method: We analyzed 2,324 open-source Java projects that rely on Java Cryptography Architecture (JCA) to understand how crypto APIs are used in practice, and what factors account for the performance of developers in using these APIs.Results: We found that, in general, the experience of developers in using JCA does not correlate with their performance. In particular, none of the factors such as the number or frequency of committed lines of code, the number of JCA APIs developers use, or the number of projects they are involved in correlate with developer performance in this domain.Conclusions: We call for qualitative studies to shed light on the reasons underlying the success of developers who are expert in using cryptography. Also, detailed investigation at API level is necessary to further clarify a developer obstacles in this domain.

Item Type:

Conference or Workshop Item (Paper)

Division/Institute:

08 Faculty of Science > Institute of Computer Science (INF)

UniBE Contributor:

Hazhirpasand Barkadehi, Mohammadreza; Ghafari, Mohammad and Nierstrasz, Oscar

Subjects:

000 Computer science, knowledge & systems
500 Science > 510 Mathematics

Language:

English

Submitter:

Oscar Nierstrasz

Date Deposited:

17 Feb 2020 14:11

Last Modified:

17 Feb 2020 14:19

Publisher DOI:

10.1109/ESEM.2019.8870184

ArXiv ID:

1908.01489v1

Uncontrolled Keywords:

scg-pub snf-asa3 scg19 jb19

BORIS DOI:

10.7892/boris.139905

URI:

https://boris.unibe.ch/id/eprint/139905

Actions (login required)

Edit item Edit item
Provide Feedback