Sifat et al. investigated three online sources, i.e., Crypto Stack Exchange, Security Stack Exchange, and Quora, to identify complications with respect to implementing security in data transmission [6]. Their findings suggest that the most discussed technique is transport layer security (TLS), and that the Cross-Site Scripting (XSS) attack is the main concern of developers. In another study, Yang et al. conducted a large-scale analysis of security-related questions on Stack Overflow [7]. They identified five main categories, i.e., web security, mobile security, cryptography, software security, and system security, but they did not look into the challenges of each topic. A recent study conducted by Meng et al. examined the challenges of writing secure Java code as discussed on Stack Overflow [8]. Their examinations provide compelling evidence that the security implications of coding options in Java, e.g., CSRF tokens, are not well understood by a large number of developers.

Nandi et al. conducted an empirical study on the crypto obstacles that Java developers commonly face [1]. They triangulated data from a survey, 100 randomly selected Java GitHub repositories, and the top 100 Java cryptography questions asked on Stack Overflow. Their analyses identified nine main crypto topics, suggesting that developers face difficulties using cryptography. This issue has adversely affected developer performance and software security [9]. A recent study showed that developers blindly use vulnerable code snippets found on Stack Overflow [10]. Its authors reported that 15.4% of the 1.3 million Android applications contained security-related code snippets from Stack Overflow.

The previous studies focused solely on the security or crypto implications of a particular language, or on general security-related concerns. In contrast, we specifically analyzed crypto-related questions of any kind, irrespective of programming language or particular area of cryptography.
Authors:
(1) Mohammadreza Hazhirpasand, Oscar Nierstrasz, University of Bern, Bern, Switzerland;
(2) Mohammadhossein Shabani, Azad University, Rasht, Iran;
(3) Mohammad Ghafari, School of Computer Science, University of Auckland, Auckland, New Zealand.