Worrisome Patterns in Developers: A Survey in Cryptography

Hazhirpasand, Mohammadreza; Ghafari, Mohammad; Nierstrasz, Oscar (November 2021). Worrisome Patterns in Developers: A Survey in Cryptography. In: 2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW). Melbourne, Australia. Nov. 15 - 19, 2021. 10.1109/ASEW52652.2021.00045

[img]
Preview
Text
Hazh21d.pdf - Accepted Version
Available under License Creative Commons: Attribution (CC-BY).

Download (271kB) | Preview
[img] Text
Worrisome_Patterns_in_Developers_A_Survey_in_Cryptography.pdf - Published Version
Restricted to registered users only
Available under License Publisher holds Copyright.

Download (258kB) | Request a copy

We surveyed 97 developers who had used cryptography in open-source projects, in the hope of identifying developer security and cryptography practices. We asked them about individual and company-level practices, and divided respondents into three groups (i.e., high, medium, and low) based on their level of knowledge. We found differences between the high-profile developers and the other two groups. For instance, high-profile developers have more years of experience in programming, have attended more security and cryptography courses, have more background in security, are highly concerned about security, and tend to use security tools more than the other two groups. Nevertheless, we observed worrisome patterns among all participants such as the high usage of unreliable sources like Stack Overflow, and the low rate of security tool usage.

Item Type:

Conference or Workshop Item (Paper)

Division/Institute:

08 Faculty of Science > Institute of Computer Science (INF)
08 Faculty of Science > Institute of Computer Science (INF) > Software Composition Group (SCG) [discontinued]

UniBE Contributor:

Hazhirpasand Barkadehi, Mohammadreza, Ghafari, Mohammad, Nierstrasz, Oscar

Subjects:

000 Computer science, knowledge & systems

ISBN:

978-1-6654-3583-3

Language:

English

Submitter:

Oscar Nierstrasz

Date Deposited:

24 Feb 2022 09:04

Last Modified:

05 Dec 2022 16:07

Publisher DOI:

10.1109/ASEW52652.2021.00045

ArXiv ID:

2109.14363v2

Uncontrolled Keywords:

scg-pub security snf-asa3 scg21 jb22

BORIS DOI:

10.48350/165147

URI:

https://boris.unibe.ch/id/eprint/165147

Actions (login required)

Edit item Edit item
Provide Feedback