Hurdles for Developers in Cryptography
Mohammadreza Hazhirpasand, Oscar Nierstrasz, Mohammadhossein Shabani, Mohammad Ghafari

TL;DR
This paper investigates the challenges developers face with cryptography by analyzing Stack Overflow questions, revealing knowledge gaps and usability issues that hinder correct implementation, highlighting the need for improved crypto API design.
Contribution
It provides a comprehensive analysis of cryptography-related questions to identify common developer challenges and emphasizes the necessity for better crypto API usability.
Findings
Developers lack fundamental cryptography knowledge
Usability issues in crypto libraries hinder correct implementation
Need for research to improve crypto API design
Abstract
Prior research has shown that cryptography is hard to use for developers. We aim to understand what cryptography issues developers face in practice. We clustered 91954 cryptography-related questions on the Stack Overflow website, and manually analyzed a significant sample (i.e., 383) of the questions to comprehend the crypto challenges developers commonly face in this domain. We found that either developers have a distinct lack of knowledge in understanding the fundamental concepts, e.g., OpenSSL, public-key cryptography or password hashing, or the usability of crypto libraries undermined developer performance to correctly realize a crypto scenario. This is alarming and indicates the need for dedicated research to improve the design of crypto APIs.
Taxonomy
Topics: Advanced Malware Detection Techniques · Spam and Phishing Detection · Information and Cyber Security
