Jumping through hoops: why do Java developers struggle with cryptography APIs?

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSN › Conference contribution/Paper › peer-review

Published

Standard

Jumping through hoops: why do Java developers struggle with cryptography APIs? / Nadi, Sarah; Kruger, Stefan; Mezini, Ermira et al.
ICSE '16 Proceedings of the 38th International Conference on Software Engineering. New York: ACM, 2016. p. 935-946.

Harvard

Nadi, S, Kruger, S, Mezini, E & Bodden, E 2016, Jumping through hoops: why do Java developers struggle with cryptography APIs? in ICSE '16 Proceedings of the 38th International Conference on Software Engineering. ACM, New York, pp. 935-946. https://doi.org/10.1145/2884781.2884790

APA

Nadi, S., Kruger, S., Mezini, E., & Bodden, E. (2016). Jumping through hoops: why do Java developers struggle with cryptography APIs? In ICSE '16 Proceedings of the 38th International Conference on Software Engineering (pp. 935-946). ACM. https://doi.org/10.1145/2884781.2884790

Vancouver

Nadi S, Kruger S, Mezini E, Bodden E. Jumping through hoops: why do Java developers struggle with cryptography APIs? In ICSE '16 Proceedings of the 38th International Conference on Software Engineering. New York: ACM. 2016. p. 935-946 doi: 10.1145/2884781.2884790

Author

Nadi, Sarah ; Kruger, Stefan ; Mezini, Ermira et al. / Jumping through hoops : why do Java developers struggle with cryptography APIs? ICSE '16 Proceedings of the 38th International Conference on Software Engineering. New York : ACM, 2016. pp. 935-946

Bibtex

@inproceedings{9c8ad215d8cf40bf997c465d0cf0eccd,
title = "Jumping through hoops: why do Java developers struggle with cryptography APIs?",
abstract = "To protect sensitive data processed by current applications, developers, whether security experts or not, have to rely on cryptography. While cryptography algorithms have become increasingly advanced, many data breaches occur because developers do not correctly use the corresponding APIs. To guide future research into practical solutions to this problem, we perform an empirical investigation into the obstacles developers face while using the Java cryptography APIs, the tasks they use the APIs for, and the kind of (tool) support they desire. We triangulate data from four separate studies that include the analysis of 100 StackOverflow posts, 100 GitHub repositories, and survey input from 48 developers. We find that while developers find it difficult to use certain cryptographic algorithms correctly, they feel surprisingly confident in selecting the right cryptography concepts (e.g., encryption vs. signatures). We also find that the APIs are generally perceived to be too low-level and that developers prefer more task-based solutions.",
author = "Sarah Nadi and Stefan Kruger and Ermira Mezini and Eric Bodden",
year = "2016",
month = apr,
doi = "10.1145/2884781.2884790",
language = "English",
isbn = "9781450339001",
pages = "935--946",
booktitle = "ICSE '16 Proceedings of the 38th International Conference on Software Engineering",
publisher = "ACM",

}

RIS

TY - GEN

T1 - Jumping through hoops

T2 - why do Java developers struggle with cryptography APIs?

AU - Nadi, Sarah

AU - Kruger, Stefan

AU - Mezini, Ermira

AU - Bodden, Eric

PY - 2016/4

Y1 - 2016/4

N2 - To protect sensitive data processed by current applications, developers, whether security experts or not, have to rely on cryptography. While cryptography algorithms have become increasingly advanced, many data breaches occur because developers do not correctly use the corresponding APIs. To guide future research into practical solutions to this problem, we perform an empirical investigation into the obstacles developers face while using the Java cryptography APIs, the tasks they use the APIs for, and the kind of (tool) support they desire. We triangulate data from four separate studies that include the analysis of 100 StackOverflow posts, 100 GitHub repositories, and survey input from 48 developers. We find that while developers find it difficult to use certain cryptographic algorithms correctly, they feel surprisingly confident in selecting the right cryptography concepts (e.g., encryption vs. signatures). We also find that the APIs are generally perceived to be too low-level and that developers prefer more task-based solutions.

AB - To protect sensitive data processed by current applications, developers, whether security experts or not, have to rely on cryptography. While cryptography algorithms have become increasingly advanced, many data breaches occur because developers do not correctly use the corresponding APIs. To guide future research into practical solutions to this problem, we perform an empirical investigation into the obstacles developers face while using the Java cryptography APIs, the tasks they use the APIs for, and the kind of (tool) support they desire. We triangulate data from four separate studies that include the analysis of 100 StackOverflow posts, 100 GitHub repositories, and survey input from 48 developers. We find that while developers find it difficult to use certain cryptographic algorithms correctly, they feel surprisingly confident in selecting the right cryptography concepts (e.g., encryption vs. signatures). We also find that the APIs are generally perceived to be too low-level and that developers prefer more task-based solutions.

U2 - 10.1145/2884781.2884790

DO - 10.1145/2884781.2884790

M3 - Conference contribution/Paper

SN - 9781450339001

SP - 935

EP - 946

BT - ICSE '16 Proceedings of the 38th International Conference on Software Engineering

PB - ACM

CY - New York

ER -