Don't forget your classics: Systematizing 45 years of Ancestry for Security API Usability Recommendations
Producing secure software is challenging. The poor usability of security APIs makes this even harder. Many recommendations have been proposed to support developers by improving the usability of cryptography libraries and APIs; rooted in wider best practice guidance in software engineering and API de...
Gespeichert in:
| Hauptverfasser: | , , , |
|---|---|
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | Patnaik, Nikhil Dwyer, Andrew C Hallett, Joseph Rashid, Awais |
| description | Producing secure software is challenging. The poor usability of security APIs
makes this even harder. Many recommendations have been proposed to support
developers by improving the usability of cryptography libraries and APIs;
rooted in wider best practice guidance in software engineering and API design.
In this SLR, we systematize knowledge regarding these recommendations.
We identify and analyze 65 papers spanning 45 years, offering a total of 883
recommendations.We undertake a thematic analysis to identify 7 core ways to
improve usability of APIs. We find that most of the recommendations focus on
helping API developers to construct and structure their code and make it more
usable and easier for programmers to understand. There is less focus, however,
on documentation, writing requirements, code quality assessment and the impact
of organizational software development practices. By tracing and analyzing
paper ancestry, we map how this knowledge becomes validated and translated over
time.We find evidence that less than a quarter of all API usability
recommendations are empirically validated, and that recommendations specific to
usable security APIs lag even further behind in this regard. |
| doi_str_mv | 10.48550/arxiv.2105.02031 |
| format | Article |
| fullrecord | <record><control><sourceid>arxiv_GOX</sourceid><recordid>TN_cdi_arxiv_primary_2105_02031</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>2105_02031</sourcerecordid><originalsourceid>FETCH-LOGICAL-a671-fddde05632da7ae23e92e59df77a1e01ad17e4dc774a929bf5233450e9b2f3963</originalsourceid><addsrcrecordid>eNotj71OwzAYRb0woMIDMOGNKcE_cYzZovJXqRKIljn6Yn-uLDUxslNEeHpIy3R1hnukQ8gVZ2V1pxS7hfQdvkrBmSqZYJKfk_AQh5uR-ph2ONIpHhK1e8g52HxPN1MesYcx_IRhRytFJ4SUafS0GSzmMU3zkW7QHlIYJ9q8rehHhi7sZ3pHG_seB_cniEO-IGce9hkv_3dBtk-P2-VLsX59Xi2bdQG15oV3ziFTtRQONKCQaAQq47zWwJFxcFxj5azWFRhhOq-ElJViaDrhpanlglyftMfW9jOFHtLUzs3tsVn-AjPZUvI</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>Don't forget your classics: Systematizing 45 years of Ancestry for Security API Usability Recommendations</title><source>arXiv.org</source><creator>Patnaik, Nikhil ; Dwyer, Andrew C ; Hallett, Joseph ; Rashid, Awais</creator><creatorcontrib>Patnaik, Nikhil ; Dwyer, Andrew C ; Hallett, Joseph ; Rashid, Awais</creatorcontrib><description>Producing secure software is challenging. The poor usability of security APIs
makes this even harder. Many recommendations have been proposed to support
developers by improving the usability of cryptography libraries and APIs;
rooted in wider best practice guidance in software engineering and API design.
In this SLR, we systematize knowledge regarding these recommendations.
We identify and analyze 65 papers spanning 45 years, offering a total of 883
recommendations.We undertake a thematic analysis to identify 7 core ways to
improve usability of APIs. We find that most of the recommendations focus on
helping API developers to construct and structure their code and make it more
usable and easier for programmers to understand. There is less focus, however,
on documentation, writing requirements, code quality assessment and the impact
of organizational software development practices. By tracing and analyzing
paper ancestry, we map how this knowledge becomes validated and translated over
time.We find evidence that less than a quarter of all API usability
recommendations are empirically validated, and that recommendations specific to
usable security APIs lag even further behind in this regard.</description><identifier>DOI: 10.48550/arxiv.2105.02031</identifier><language>eng</language><subject>Computer Science - Cryptography and Security ; Computer Science - Software Engineering</subject><creationdate>2021-05</creationdate><rights>http://creativecommons.org/licenses/by/4.0</rights><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>228,230,781,886</link.rule.ids><linktorsrc>$$Uhttps://arxiv.org/abs/2105.02031$$EView_record_in_Cornell_University$$FView_record_in_$$GCornell_University$$Hfree_for_read</linktorsrc><backlink>$$Uhttps://doi.org/10.48550/arXiv.2105.02031$$DView paper in arXiv$$Hfree_for_read</backlink></links><search><creatorcontrib>Patnaik, Nikhil</creatorcontrib><creatorcontrib>Dwyer, Andrew C</creatorcontrib><creatorcontrib>Hallett, Joseph</creatorcontrib><creatorcontrib>Rashid, Awais</creatorcontrib><title>Don't forget your classics: Systematizing 45 years of Ancestry for Security API Usability Recommendations</title><description>Producing secure software is challenging. The poor usability of security APIs
makes this even harder. Many recommendations have been proposed to support
developers by improving the usability of cryptography libraries and APIs;
rooted in wider best practice guidance in software engineering and API design.
In this SLR, we systematize knowledge regarding these recommendations.
We identify and analyze 65 papers spanning 45 years, offering a total of 883
recommendations.We undertake a thematic analysis to identify 7 core ways to
improve usability of APIs. We find that most of the recommendations focus on
helping API developers to construct and structure their code and make it more
usable and easier for programmers to understand. There is less focus, however,
on documentation, writing requirements, code quality assessment and the impact
of organizational software development practices. By tracing and analyzing
paper ancestry, we map how this knowledge becomes validated and translated over
time.We find evidence that less than a quarter of all API usability
recommendations are empirically validated, and that recommendations specific to
usable security APIs lag even further behind in this regard.</description><subject>Computer Science - Cryptography and Security</subject><subject>Computer Science - Software Engineering</subject><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><sourceid>GOX</sourceid><recordid>eNotj71OwzAYRb0woMIDMOGNKcE_cYzZovJXqRKIljn6Yn-uLDUxslNEeHpIy3R1hnukQ8gVZ2V1pxS7hfQdvkrBmSqZYJKfk_AQh5uR-ph2ONIpHhK1e8g52HxPN1MesYcx_IRhRytFJ4SUafS0GSzmMU3zkW7QHlIYJ9q8rehHhi7sZ3pHG_seB_cniEO-IGce9hkv_3dBtk-P2-VLsX59Xi2bdQG15oV3ziFTtRQONKCQaAQq47zWwJFxcFxj5azWFRhhOq-ElJViaDrhpanlglyftMfW9jOFHtLUzs3tsVn-AjPZUvI</recordid><startdate>20210505</startdate><enddate>20210505</enddate><creator>Patnaik, Nikhil</creator><creator>Dwyer, Andrew C</creator><creator>Hallett, Joseph</creator><creator>Rashid, Awais</creator><scope>AKY</scope><scope>GOX</scope></search><sort><creationdate>20210505</creationdate><title>Don't forget your classics: Systematizing 45 years of Ancestry for Security API Usability Recommendations</title><author>Patnaik, Nikhil ; Dwyer, Andrew C ; Hallett, Joseph ; Rashid, Awais</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-a671-fddde05632da7ae23e92e59df77a1e01ad17e4dc774a929bf5233450e9b2f3963</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Computer Science - Cryptography and Security</topic><topic>Computer Science - Software Engineering</topic><toplevel>online_resources</toplevel><creatorcontrib>Patnaik, Nikhil</creatorcontrib><creatorcontrib>Dwyer, Andrew C</creatorcontrib><creatorcontrib>Hallett, Joseph</creatorcontrib><creatorcontrib>Rashid, Awais</creatorcontrib><collection>arXiv Computer Science</collection><collection>arXiv.org</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Patnaik, Nikhil</au><au>Dwyer, Andrew C</au><au>Hallett, Joseph</au><au>Rashid, Awais</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Don't forget your classics: Systematizing 45 years of Ancestry for Security API Usability Recommendations</atitle><date>2021-05-05</date><risdate>2021</risdate><abstract>Producing secure software is challenging. The poor usability of security APIs
makes this even harder. Many recommendations have been proposed to support
developers by improving the usability of cryptography libraries and APIs;
rooted in wider best practice guidance in software engineering and API design.
In this SLR, we systematize knowledge regarding these recommendations.
We identify and analyze 65 papers spanning 45 years, offering a total of 883
recommendations.We undertake a thematic analysis to identify 7 core ways to
improve usability of APIs. We find that most of the recommendations focus on
helping API developers to construct and structure their code and make it more
usable and easier for programmers to understand. There is less focus, however,
on documentation, writing requirements, code quality assessment and the impact
of organizational software development practices. By tracing and analyzing
paper ancestry, we map how this knowledge becomes validated and translated over
time.We find evidence that less than a quarter of all API usability
recommendations are empirically validated, and that recommendations specific to
usable security APIs lag even further behind in this regard.</abstract><doi>10.48550/arxiv.2105.02031</doi><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | DOI: 10.48550/arxiv.2105.02031 |
| ispartof | |
| issn | |
| language | eng |
| recordid | cdi_arxiv_primary_2105_02031 |
| source | arXiv.org |
| subjects | Computer Science - Cryptography and Security Computer Science - Software Engineering |
| title | Don't forget your classics: Systematizing 45 years of Ancestry for Security API Usability Recommendations |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-18T08%3A56%3A41IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Don't%20forget%20your%20classics:%20Systematizing%2045%20years%20of%20Ancestry%20for%20Security%20API%20Usability%20Recommendations&rft.au=Patnaik,%20Nikhil&rft.date=2021-05-05&rft_id=info:doi/10.48550/arxiv.2105.02031&rft_dat=%3Carxiv_GOX%3E2105_02031%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |