Worrisome Patterns in Developers: A Survey in Cryptography

Hazhirpasand Barkadehi, Mohammadreza; Ghafari, Mohammad; Nierstrasz, Oscar

doi:10.48350/165147

Worrisome Patterns in Developers: A Survey in Cryptography

BORIS DOI

10.48350/165147

Official URL

http://scg.unibe.ch/archive/papers/Hazh21d.pdf

Publisher DOI

10.1109/ASEW52652.2021.00045

Description

We surveyed 97 developers who had used cryptography in open-source projects, in the hope of identifying developer security and cryptography practices. We asked them about individual and company-level practices, and divided respondents into three groups (i.e., high, medium, and low) based on their level of knowledge. We found differences between the high-profile developers and the other two groups. For instance, high-profile developers have more years of experience in programming, have attended more security and cryptography courses, have more background in security, are highly concerned about security, and tend to use security tools more than the other two groups. Nevertheless, we observed worrisome patterns among all participants such as the high usage of unreliable sources like Stack Overflow, and the low rate of security tool usage.

Date of Publication

2021-11

Publication Type

Conference Item

Subject(s)

000 Computer science, knowledge & systems

Keyword(s)

scg-pub security snf-asa3 scg21 jb22

Language(s)

en

Contributor(s)

Hazhirpasand Barkadehi, Mohammadreza	Institut für Informatik (INF)
Ghafari, Mohammad	Institut für Informatik (INF)
Nierstrasz, Oscar	Institut für Informatik (INF)

Additional Credits

Institut für Informatik (INF)

ISBN

978-1-6654-3583-3

Title of Event

2021 36th IEEE/ACM International Conference on Automated Software Engineering Workshops (ASEW)

Access(Rights)

open.access

Show full item

Worrisome Patterns in Developers: A Survey in Cryptography

Options