Hazhirpasand, Mohammadreza; Ghafari, Mohammad; Krüger, Stefan; Bodden, Eric; Nierstrasz, Oscar (19 September 2019). The Impact of Developer Experience in Using Java Cryptography. In: 2019 ACM/IEEE International Symposium on Empirical Software Engineering and Measurement (ESEM). Porto de Galinhas, Brazil. September 19th-20th, 2019. 10.1109/ESEM.2019.8870184
![[img]](https://boris.unibe.ch/style/images/fileicons/text.png) |
Text
Hazh19aJCA-Impact.pdf - Accepted Version Restricted to registered users only Available under License Publisher holds Copyright. Download (335kB) | Request a copy |
|
Text
08870184.pdf - Published Version Restricted to registered users only Available under License Publisher holds Copyright. Download (292kB) | Request a copy |
Background: Previous research has shown that crypto APIs are hard for developers to understand and difficult for them to use. They consequently rely on unvalidated boilerplate code from online resources where security vulnerabilities are common.Aims and method: We analyzed 2,324 open-source Java projects that rely on Java Cryptography Architecture (JCA) to understand how crypto APIs are used in practice, and what factors account for the performance of developers in using these APIs.Results: We found that, in general, the experience of developers in using JCA does not correlate with their performance. In particular, none of the factors such as the number or frequency of committed lines of code, the number of JCA APIs developers use, or the number of projects they are involved in correlate with developer performance in this domain.Conclusions: We call for qualitative studies to shed light on the reasons underlying the success of developers who are expert in using cryptography. Also, detailed investigation at API level is necessary to further clarify a developer obstacles in this domain.
Item Type: |
Conference or Workshop Item (Paper) |
|---|---|
Division/Institute: |
08 Faculty of Science > Institute of Computer Science (INF) |
UniBE Contributor: |
Hazhirpasand Barkadehi, Mohammadreza, Ghafari, Mohammad, Nierstrasz, Oscar |
Subjects: |
000 Computer science, knowledge & systems 500 Science > 510 Mathematics |
Language: |
English |
Submitter: |
Oscar Nierstrasz |
Date Deposited: |
17 Feb 2020 14:11 |
Last Modified: |
05 Dec 2022 15:36 |
Publisher DOI: |
10.1109/ESEM.2019.8870184 |
ArXiv ID: |
1908.01489v1 |
Uncontrolled Keywords: |
scg-pub snf-asa3 scg19 jb19 |
BORIS DOI: |
10.7892/boris.139905 |
URI: |
https://boris.unibe.ch/id/eprint/139905 |
Actions (login required)
 |
Edit item |