Hurdles for Developers in Cryptography

Hazhirpasand, Mohammadreza; Nierstrasz, Oscar; Shabani, Mohammadhossein; Ghafari, Mohammad (2021). Hurdles for Developers in Cryptography. In: 2021 IEEE International Conference on Software Maintenance and Evolution (ICSME). Luxembourg. Sept. 27 2021 to Oct. 1 2021. 10.1109/ICSME52107.2021.00076

Preview	Text Hazh21c.pdf - Accepted Version Available under License Creative Commons: Attribution (CC-BY). Download (246kB) | Preview
	Text Hurdles_for_Developers_in_Cryptography.pdf - Published Version Restricted to registered users only Available under License Publisher holds Copyright. Download (39MB) | Request a copy

Prior research has shown that cryptography is hard to use for developers. We aim to understand what cryptography issues developers face in practice. We clustered 91 954 cryptography-related questions on the Stack Overflow website, and manually analyzed a significant sample (i.e., 383) of the questions to comprehend the crypto challenges developers commonly face in this domain. We found that either developers have a distinct lack of knowledge in understanding the fundamental concepts, e.g., OpenSSL, public-key cryptography or password hashing, or the usability of crypto libraries undermined developer performance to correctly realize a crypto scenario. This is alarming and indicates the need for dedicated research to improve the design of crypto APIs.

Interest & Impact

Downloads

79 since deposited on 24 Feb 2022
71 in the past 12 months

Citations

5 Citations in Web of Science ®
6 Citations in Scopus

Search

in Google Scholar™

Services

Actions (login required)

Edit item

Actions (login required)

Edit item