Hazhirpasand, Mohammadreza; Ghafari, Mohammad (December 2021). Cryptography Vulnerabilities on HackerOne. In: 21st IEEE International Conference on Software Quality, Reliability, and Security (QRS). 10.1109/QRS54544.2021.00013
Previous studies have shown that cryptography is hard for developers to use and misusing cryptography leads to severe security vulnerabilities. We studied relevant vulnerability reports on the HackerOne bug bounty platform to understand what types of cryptography vulnerabilities exist in the wild. We extracted eight themes of vulnerabilities from the vulnerability reports and discussed their real-world implications and mitigation strategies. We hope that our findings alert developers, familiarize them with the dire consequences of cryptography misuses, and support them in avoiding such mistakes.
Item Type: | Conference or Workshop Item (Paper) |
---|---|
Division/Institute: | 08 Faculty of Science > Institute of Computer Science (INF); 08 Faculty of Science > Institute of Computer Science (INF) > Software Composition Group (SCG) [discontinued] |
UniBE Contributor: | Hazhirpasand Barkadehi, Mohammadreza; Ghafari, Mohammad |
Subjects: | 000 Computer science, knowledge & systems |
ISSN: | 2693-9177 |
Funders: | [UNSPECIFIED] SNSF |
Language: | English |
Submitter: | Oscar Nierstrasz |
Date Deposited: | 27 Apr 2022 16:46 |
Last Modified: | 05 Dec 2022 16:19 |
Publisher DOI: | 10.1109/QRS54544.2021.00013 |
Uncontrolled Keywords: | scg-pub security snf-asa3 scg21 jb22 |
BORIS DOI: | 10.48350/169499 |
URI: | https://boris.unibe.ch/id/eprint/169499 |