CR | SE | Jul 3, 2018

Usability and Security Effects of Code Examples on Crypto APIs - CryptoExamples: A platform for free, minimal, complete and secure crypto examples

arXiv:1807.01095v1 | 16 citations | Has Code
Originality: Incremental advance
AI Analysis

The paper addresses usability and security issues that non-security experts face when using cryptographic APIs, though it is incremental, as it builds on existing suggestions to add example code.

The researchers tackled the problem of cryptographic APIs being difficult to use by creating CryptoExamples, a free platform for code examples, and found that participants using it were 73% more effective and had 66% fewer security vulnerabilities in their code.

Context: Cryptographic APIs are said to be not usable and researchers suggest to add example code to the documentation.

Aim: We wanted to create a free platform for cryptographic code examples that improves the usability and security of created applications by non-security experts.

Method: We created the open-source web platform CryptoExamples and conducted a controlled experiment where 58 students added symmetric encryption to a Java program. We then measured the usability and security.

Results: The participants who used the platform were not only significantly more effective (+73 %) but also their code contained significantly fewer possible security vulnerabilities (-66 %).

Conclusions: With CryptoExamples the gap between hard-to-change API documentation and the need for complete and secure code examples can be closed. Still, the platform needs more code examples.
