# The Impact of Developer Experience in Using Java Cryptography

**Authors:** Mohammadreza Hazhirpasand, Mohammad Ghafari, Stefan Krüger, Eric Bodden, Oscar Nierstrasz

arXiv: 1908.01489 · 2019-08-06

## TL;DR

This study analyzes how developer experience affects the use of Java cryptography APIs, finding no clear correlation and highlighting the need for further qualitative and API-level research to improve security practices.

## Contribution

It provides an empirical analysis of 2,324 open-source Java projects, revealing that developer experience does not significantly impact cryptography API usage performance.

## Key findings

- Developer experience does not correlate with API usage performance.
- Common factors like lines of code or project involvement are not linked to better performance.
- Calls for qualitative and API-level studies to understand developer challenges.

## Abstract

Previous research has shown that crypto APIs are hard for developers to understand and difficult for them to use. They consequently rely on unvalidated boilerplate code from online resources where security vulnerabilities are common.

We analyzed 2,324 open-source Java projects that rely on Java Cryptography Architecture (JCA) to understand how crypto APIs are used in practice, and what factors account for the performance of developers in using these APIs. We found that, in general, the experience of developers in using JCA does not correlate with their performance. In particular, none of the factors such as the number or frequency of committed lines of code, the number of JCA APIs developers use, or the number of projects they are involved in correlate with developer performance in this domain.

We call for qualitative studies to shed light on the reasons underlying the success of developers who are expert in using cryptography. Also, detailed investigation at API level is necessary to further clarify developer obstacles in this domain.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/1908.01489/full.md

## Figures

7 figures with captions in the complete paper: https://tomesphere.com/paper/1908.01489/full.md

## References

12 references — full list in the complete paper: https://tomesphere.com/paper/1908.01489/full.md

---
Source: https://tomesphere.com/paper/1908.01489