Worrisome Patterns in Developers: A Survey in Cryptography

Hazhirpasand, Mohammadreza; Ghafari, Mohammad; Nierstrasz, Oscar (November 2021). Worrisome Patterns in Developers: A Survey in Cryptography. In: 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW). Melbourne, Australia. Nov. 15 - 19, 2021. 10.1109/ASEW52652.2021.00045

Preview	Text Hazh21d.pdf - Accepted Version Available under License Creative Commons: Attribution (CC-BY). Download (271kB) | Preview
	Text Worrisome_Patterns_in_Developers_A_Survey_in_Cryptography.pdf - Published Version Restricted to registered users only Available under License Publisher holds Copyright. Download (258kB)

We surveyed 97 developers who had used cryptography in open-source projects, in the hope of identifying developer security and cryptography practices. We asked them about individual and company-level practices, and divided respondents into three groups (i.e., high, medium, and low) based on their level of knowledge. We found differences between the high-profile developers and the other two groups. For instance, high-profile developers have more years of experience in programming, have attended more security and cryptography courses, have more background in security, are highly concerned about security, and tend to use security tools more than the other two groups. Nevertheless, we observed worrisome patterns among all participants such as the high usage of unreliable sources like Stack Overflow, and the low rate of security tool usage.

Interest & Impact

Downloads

104 since deposited on 24 Feb 2022
26 in the past 12 months

Citations

5 Citations in Web of Science ®
6 Citations in Scopus

Search

in Google Scholar™

Services

Actions (login required)

Edit item

Actions (login required)

Edit item