research-article

How Internet Resources Might Be Helping You Develop Faster but Less Securely

Authors:

Christian StranskyAuthors Info & Claims

IEEE Security and Privacy, Volume 15, Issue 2

Pages 50 - 60

https://doi.org/10.1109/MSP.2017.24

Published: 01 April 2017 Publication History

Abstract

In this experimental study, Android developers using Stack Overflow to solve common security issues were more likely to produce functional--but less secure--code. Given today's time constraints and economic pressures, developers need improved official documentation that's both secure and usable.

References

[1]

E. Chin, “Analyzing Inter-application Communication in Android,” in Proc. 9th Int'l Conf. Mobile Systems, Applications, and Services (MobiSys 11), 2011, pp. 239–252.

Digital Library

Google Scholar

[2]

M. Egele, “An Empirical Study of Cryptographic Misuse in Adroid Applications,” in Proc. ACM SIGSAC Conf. Computer and Communications Security (CCS 13), 2013, pp. 73–84.

Crossref

Google Scholar

[3]

S. Fahl, “Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security,” in Proc. ACM Conf. Computer and Communications Security (CCS 12), 2012, pp. 50–61.

Digital Library

Google Scholar

[4]

A.P. Felt, “Android Permissions Demystified,” in Proc. 18th ACM Conf. Computer and Communications Security (CCS 11), 2011, pp. 627–638.

Crossref

Google Scholar

[5]

M. Georgiev, “The Most Dangerous Code in the World: Validating SSL Certificates in Non-browser Software,” in Proc. ACM Conf. Computer and Communications Security (CCS 12), 2012, pp. 38–49.

Digital Library

Google Scholar

[6]

B. Reaves, “Mo(bile) Money, Mo(bile) Problems: Analysis of Branchless Banking Applications in the Developing World,” in Proc. 24th USENIX Conf. Security Symp. (USENIX Sec 15), 2015, pp. 17–32.

Crossref

Google Scholar

[7]

S. Komatineni and D. MacLean, Pro Android 4, Apress, 2012.

Crossref

Google Scholar

[8]

N. Elenkov, Android Security Internals, No Starch Press, 2015.

Google Scholar

[9]

S. Nadi, “Jumping through Hoops: Why Do Java Developers Struggle with Cryptography APIs?,” in Proc. 38th Int'l Conf. Software Eng. (ICSE 16), 2016, pp. 935–946.

Digital Library

Google Scholar

[10]

W. Wang and M.W. Godfrey, “Detecting API Usage Obstacles: A Study of iOS and Android Developer Questions,” in Proc. 10th Working Conf. Mining Software Repositories (MSR 13), 2013, pp. 61–64.

Crossref

Google Scholar

[11]

W. Wang, H. Malik, and M.W. Godfrey, “Recommending Posts Concerning API Issues in Developer Q&A Sites,” Proc. 12th Working Conf. Mining Software Repositories (MSR 15), 2015, pp. 224–234.

Crossref

Google Scholar

Cited By

View all

Klemmer JHorstmann SPatnaik NLudden CBurton CPowers CMassacci FRahman AVotipka DLipford HRashid ANaiakshina AFahl SLuo BLiao XXu JKirda ELie D(2024)Using AI Assistants in Software Development: A Qualitative Study on Security Practices and ConcernsProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690283(2726-2740)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690283
Diepenbrock AFleck JSachweh S(2023)An Analysis of Stack Exchange Questions: Identifying Challenges in Software Design and Development with a Focus on Data Privacy and Data ProtectionProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3605465(1-7)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3605465
Klemmer JGutfleisch MStransky CAcar YSasse MFahl SMeng WJensen CCremers CKirda E(2023)"Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure AuthenticationProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623072(2740-2754)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623072
Show More Cited By

Recommendations

Internet Censorship
Internet of Things security

The Internet of things (IoT) has recently become an important research topic because it integrates various sensors and objects to communicate directly with one another without human intervention. The requirements for the large-scale deployment of the IoT ...
Bring your own device, securely
SAC '13: Proceedings of the 28th Annual ACM Symposium on Applied Computing

Modern mobile devices offer users powerful computational capabilities and complete customization. As a matter of fact, today smartphones and tablets have remarkable hardware profiles and a cornucopia of applications. Yet, the security mechanisms offered ...

Comments

Information & Contributors

Information

Published In

IEEE Security and Privacy Volume 15, Issue 2

April 2017

95 pages

ISSN:1540-7993

Issue’s Table of Contents

Publisher

IEEE Educational Activities Department

United States

Publication History

Published: 01 April 2017

Qualifiers

Research-article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

17
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 03 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Klemmer JHorstmann SPatnaik NLudden CBurton CPowers CMassacci FRahman AVotipka DLipford HRashid ANaiakshina AFahl SLuo BLiao XXu JKirda ELie D(2024)Using AI Assistants in Software Development: A Qualitative Study on Security Practices and ConcernsProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3690283(2726-2740)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3690283
Diepenbrock AFleck JSachweh S(2023)An Analysis of Stack Exchange Questions: Identifying Challenges in Software Design and Development with a Focus on Data Privacy and Data ProtectionProceedings of the 18th International Conference on Availability, Reliability and Security10.1145/3600160.3605465(1-7)Online publication date: 29-Aug-2023
https://dl.acm.org/doi/10.1145/3600160.3605465
Klemmer JGutfleisch MStransky CAcar YSasse MFahl SMeng WJensen CCremers CKirda E(2023)"Make Them Change it Every Week!": A Qualitative Exploration of Online Developer Advice on Usable and Secure AuthenticationProceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security10.1145/3576915.3623072(2740-2754)Online publication date: 15-Nov-2023
https://dl.acm.org/doi/10.1145/3576915.3623072
Brun YLin TSomerville JMyers EEbner N(2023)Blindspots in Python and Java APIs Result in Vulnerable CodeACM Transactions on Software Engineering and Methodology10.1145/357185032:3(1-31)Online publication date: 26-Apr-2023
https://dl.acm.org/doi/10.1145/3571850
Go KSoundarapandian SMitra AVidoni MFerreyra N(2023)Simple stupid insecure practices and GitHub’s code searchJournal of Systems and Software10.1016/j.jss.2023.111698202:COnline publication date: 1-Aug-2023
https://dl.acm.org/doi/10.1016/j.jss.2023.111698
Geierhaas LOrtloff ASmith MNaiakshina AChiasson SKapadia A(2022)Let's hashProceedings of the Eighteenth USENIX Conference on Usable Privacy and Security10.5555/3563609.3563636(503-522)Online publication date: 8-Aug-2022
https://dl.acm.org/doi/10.5555/3563609.3563636
Rao SLimonta GLindqvist JChiasson SKapadia A(2022)Usability and security of trusted platform module (TPM) library APIsProceedings of the Eighteenth USENIX Conference on Usable Privacy and Security10.5555/3563609.3563621(213-232)Online publication date: 8-Aug-2022
https://dl.acm.org/doi/10.5555/3563609.3563621
Blanchard E(2022)Client-Side Hashing for Efficient Typo-Tolerant Password CheckersInternational Journal of Systems and Software Security and Protection10.4018/IJSSSP.30262213:1(1-24)Online publication date: 13-Jul-2022
https://dl.acm.org/doi/10.4018/IJSSSP.302622
Tahaei MBernd JRashid A(2022)Privacy, Permissions, and the Health App Ecosystem: A Stack Overflow ExplorationProceedings of the 2022 European Symposium on Usable Security10.1145/3549015.3555669(117-130)Online publication date: 29-Sep-2022
https://dl.acm.org/doi/10.1145/3549015.3555669
Schmidt Hvan Aerssen MLeich CBenni AAl Ali STanz J(2022)CopypastaVulGuard – A browser extension to prevent copy and paste spreading of vulnerable source code in forum postsProceedings of the 17th International Conference on Availability, Reliability and Security10.1145/3538969.3538973(1-8)Online publication date: 23-Aug-2022
https://dl.acm.org/doi/10.1145/3538969.3538973
Show More Cited By

Abstract

References

Cited By

Recommendations

Internet Censorship

Internet of Things security

Bring your own device, securely

Comments

Information

Published In

Publisher

Publication History

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations