Hurdles for Developers in Cryptography

Hazhirpasand, Mohammadreza; Nierstrasz, Oscar; Shabani, Mohammadhossein; Ghafari, Mohammad (2021). Hurdles for Developers in Cryptography. In: 2021 IEEE International Conference on Software Maintenance and Evolution (ICSME). Luxembourg. Sept. 27 2021 to Oct. 1 2021. 10.1109/ICSME52107.2021.00076

Preview	Text Hazh21c.pdf - Accepted Version Available under License Creative Commons: Attribution (CC-BY). Download (246kB) | Preview
	Text Hurdles_for_Developers_in_Cryptography.pdf - Published Version Restricted to registered users only Available under License Publisher holds Copyright. Download (39MB)

Prior research has shown that cryptography is hard to use for developers. We aim to understand what cryptography issues developers face in practice. We clustered 91 954 cryptography-related questions on the Stack Overflow website, and manually analyzed a significant sample (i.e., 383) of the questions to comprehend the crypto challenges developers commonly face in this domain. We found that either developers have a distinct lack of knowledge in understanding the fundamental concepts, e.g., OpenSSL, public-key cryptography or password hashing, or the usability of crypto libraries undermined developer performance to correctly realize a crypto scenario. This is alarming and indicates the need for dedicated research to improve the design of crypto APIs.

Interest & Impact

Downloads

163 since deposited on 24 Feb 2022
53 in the past 12 months

Citations

5 Citations in Web of Science ®
6 Citations in Scopus

Search

in Google Scholar™

Services

Actions (login required)

Edit item

Actions (login required)

Edit item