Don't forget your classics: Systematizing 45 years of Ancestry for Security API Usability Recommendations

by   Nikhil Patnaik, et al.

Producing secure software is challenging. The poor usability of security APIs makes this even harder. Many recommendations have been proposed to support developers by improving the usability of cryptography libraries and APIs; rooted in wider best practice guidance in software engineering and API design. In this SLR, we systematize knowledge regarding these recommendations. We identify and analyze 65 papers spanning 45 years, offering a total of 883 recommendations.We undertake a thematic analysis to identify 7 core ways to improve usability of APIs. We find that most of the recommendations focus on helping API developers to construct and structure their code and make it more usable and easier for programmers to understand. There is less focus, however, on documentation, writing requirements, code quality assessment and the impact of organizational software development practices. By tracing and analyzing paper ancestry, we map how this knowledge becomes validated and translated over time.We find evidence that less than a quarter of all API usability recommendations are empirically validated, and that recommendations specific to usable security APIs lag even further behind in this regard.



There are no comments yet.


page 1

page 2

page 3

page 4


Why Johnny Can't Store Passwords Securely? A Usability Evaluation of Bouncycastle Password Hashing

Lack of usability of security Application Programming In- terfaces (APIs...

Requirements of API Documentation: A Case Study into Computer Vision Services

Using cloud-based computer vision services is gaining traction, where de...

How Usable are Rust Cryptography APIs?

Context: Poor usability of cryptographic APIs is a severe source of vuln...

ArCode: A Tool for Supporting Comprehension andImplementation of Architectural Concerns

Integrated development environments (IDE) play an important role in supp...

Zur Benutzbarkeit und Verwendung von API-Dokumentationen

A good documentation is essential for a good usability of (security) API...

FluentCrypto: Cryptography in Easy Mode

Research has shown that cryptography concepts are hard to understand for...

Designing Robust API Monitoring Solutions

Tracing the sequence of library and system calls that a program makes is...
This week in AI

Get the week's most popular data science and artificial intelligence research sent straight to your inbox every Saturday.