An Empirical Study of Developers' Discussions about Security Challenges of Different Programming Languages

by   Roland Croft, et al.

Given programming languages can provide different types and levels of security support, it is critically important to consider security aspects while selecting programming languages for developing software systems. Inadequate consideration of security in the choice of a programming language may lead to potential ramifications for secure development. Whilst theoretical analysis of the supposed security properties of different programming languages has been conducted, there has been relatively little effort to empirically explore the actual security challenges experienced by developers. We have performed a large-scale study of the security challenges of 15 programming languages by quantitatively and qualitatively analysing the developers' discussions from Stack Overflow and GitHub. By leveraging topic modelling, we have derived a taxonomy of 18 major security challenges for 6 topic categories. We have also conducted comparative analysis to understand how the identified challenges vary regarding the different programming languages and data sources. Our findings suggest that the challenges and their characteristics differ substantially for different programming languages and data sources, i.e., Stack Overflow and GitHub. The findings provide evidence-based insights and understanding of security challenges related to different programming languages to software professionals (i.e., practitioners or researchers). The reported taxonomy of security challenges can assist both practitioners and researchers in better understanding and traversing the secure development landscape. This study highlights the importance of the choice of technology, e.g., programming language, in secure software engineering. Hence, the findings are expected to motivate practitioners to consider the potential impact of the choice of programming languages on software security.



There are no comments yet.


page 26


FSE/CACM Rebuttal^2: Correcting A Large-Scale Study of Programming Languages and Code Quality in GitHub

Ray, Devanbu and Filkov issued a rebuttal of our TOPLAS paper "On the Im...

Analyzing programming languages by community characteristics on Github and StackOverflow

The choice of programming language is a very important decision as it no...

Contemporary COBOL: Developers' Perspectives on Defects and Defect Location

Mainframe systems are facing a critical shortage of developer workforce ...

Characteristics and Challenges of Low-Code Development: The Practitioners' Perspective

Background: In recent years, Low-code development (LCD) is growing rapid...

How Does Bug-Handling Effort Differ Among Different Programming Languages?

Handling bugs is an essential part of software development. The impact o...

Documenting Geographically and Contextually Diverse Data Sources: The BigScience Catalogue of Language Data and Resources

In recent years, large-scale data collection efforts have prioritized th...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.