Securing Your Crypto-API Usage Through Tool Support - A Usability Study

Our user study shows that the Eclipse plugin CogniCrypt reduces misuses and speeds development, enhancing security and efficiency for cryptographic API usage. Through a controlled experiment with 24 Java developers, we found that CogniCrypt significantly improves code security and development speed for cryptography-related tasks. Developers appreciate CogniCrypt’s code generation and static analysis, though integrating the generated code remains a challenge.

October 2023 · Stefan Krüger, Michael Reif, Anna-Katharina Wickert, Sarah Nadi, Karim Ali, Eric Bodden, Mira Mezini, Yasemin Acar, Sascha Fahl

Python crypto misuses in the wild

Our study analyzes cryptographic API misuses in over 900 Python and MicroPython projects, revealing that 52% of the projects have at least one misuse. The findings indicate a positive impact of good API design in reducing misuses compared to Java and C.

October 2021 · Anna-Katharina Wickert, Lars Baumgärtner, Florian Breitfelder, Mira Mezini